A new era has dawned in the Mac universe and it's not a good one. Recently, a toolkit was released to facilitate the construction of malware for Macs that mimics many of the "socially-engineered" Windows malware approaches.

In particular, if your Mac suddenly pops up a window claiming you are infected (possibly showing a screen that looks like your Apple Mail application), and that you must download "Mac Defender" (or some such other whizzy name)--DON'T DO IT!!!

How it works--

1) This likely occurred when you were web browsing and was therefore triggered by a page you chose to view.
2) This type of malware tries to scare you into taking the very action that will infect/breach your computer.
3) For many of you, a telltale sign will be that you don't use Apple Mail--so showing you an infected screen that looks like Apple Mail is a hoax.

What this means--

It is important to understand that the Mac's UNIX-based OS is still relatively safe from local area network-propagated viruses or types of malware that infect without user intervention. That said, this new assault is one hallmark of a new era of Mac malware that relies entirely on your complicity.

To be clear, it's all on you (that's the social engineering part)--

To become infected, you, the end user, must:

1) Go to an infected web page or open an email that will lead you to an infected web page
2) If "Open 'safe' files" is on in Safari preferences, the malware will install itself

Key Point: To avoid automatic installation all users should turn "off" "Open 'safe' files" from Safari's "General" preference tab (see image below for details).
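For anyone looking after several Macs, the setting in the Key Point above can also be checked and switched off from Terminal. This is an added example, not part of the original post: it assumes the checkbox is stored as the boolean `AutoOpenSafeDownloads` in the `com.apple.Safari` preference domain and that a missing key means the option is on; the function names and the `DEFAULTS_CMD` override are made up for this example.

```shell
#!/bin/sh
# Added example: audit and disable Safari's "Open 'safe' files" option.
# Assumption: the checkbox maps to the boolean AutoOpenSafeDownloads in
# the com.apple.Safari preference domain of the logged-in user.

DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"   # hypothetical override, used for testing
DOMAIN="com.apple.Safari"
KEY="AutoOpenSafeDownloads"

# Print "on" or "off" for the current user.
# "defaults read" exits non-zero when the key was never written. That case
# is reported as "on" (assumption: Safari enables the option by default),
# so a Mac that was never configured is not mistaken for a safe one.
safe_files_state() {
    value=$("$DEFAULTS_CMD" read "$DOMAIN" "$KEY" 2>/dev/null) || value=""
    case "$value" in
        0|false|NO) echo off ;;
        *)          echo on ;;
    esac
}

# Write the setting explicitly as false.
disable_safe_files() {
    "$DEFAULTS_CMD" write "$DOMAIN" "$KEY" -bool false
}

# Disable the option if needed, then read it back to confirm the change.
# Returns 0 only when the setting is verifiably off afterwards.
harden_safari() {
    if [ "$(safe_files_state)" = "on" ]; then
        disable_safe_files || return 1
    fi
    [ "$(safe_files_state)" = "off" ]
}

# With no argument the script only defines the functions above.
if [ "${1:-}" = "--apply" ]; then
    echo "Before: $(safe_files_state)"
    if harden_safari; then
        echo "After: off"
    else
        echo "Could not turn the option off" >&2
        exit 1
    fi
fi
```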

To recap--

Yes, Macs are still the safest (for now), but the enemy is on the move. Be wary and examine what you see when browsing in the same way you have learned to doubt email that says something like, "You have just won 1-100 million dollars from the lotterytrustfundbank or my great dead aunt from NigeriaMicrosoftAfghanistan--please send all of your particulars to us to receive the money."

Most of all--don't install things you don't understand--when in doubt call us.

JP