Mac Guard assails teen girl's computer

Lots of people are dismissing blogs and news stories about Mac Defender, and the Mac Guard variant, as frivolous reporting. Reasoning: There are hundreds of thousands of Windows PC viruses and Trojans and just the one for the Mac. I disagree. This Trojan is the first Mac malware to widely spread in the wild. That makes it news.

Early this afternoon, Eastern Daylight Time, I had my first encounter with someone whose computer was infected by the Trojan. That's personal confirmation about the malware being in the wild. One of my daughter's friends called saying that she had received pop-warnings about her vintage-2008 15-inch MacBook Pro being infected with virus. She had been presented with option to purchase MacGuard to fix it. I gave her the laptop about six months ago.

Following my advice, the high school junior used Apple's Mac Defender support document as guidance for removing the malware -- in other words, the instructions work, or appear to. I asked her to write up what happened, which she agreed to do as long as she wasn't identified. This straight-A student has a story to tell, and if a Mac user you should read it. She writes:

"Last night (May 29) while I was on Google, I clicked a link to something completely innocent, just a site that summarizes episodes of K-dramas," she writes, referring to Korean dramas, which are all the rage among female students in some schools here in Southern California. Mac Defender and its variants are known to spread by "SEO poisoning." Clicking a seemingly innocent search link leads to a malware site. But, c`mon, K-dramas?

She continues: "Right after the link completely loaded -- I'm not sure if I accidentally clicked something or not -- [and] out of nowhere this mini pop-up window came up and said that my computer was infected with a virus and to click 'OK' to clean up my computer; something along those lines. I can't remember exactly. And, I'm not gonna lie, it was a bit suspicious at first, but I'm also a pretty gullible person sometimes, so I went ahead and clicked 'OK.'"

Gullibility is a strong undercurrent of my Mac Defender reporting -- that having been told by Apple for years that Macs are invulnerable to viruses, users are unprepared. According to one of two Betanews polls -- asking if anti-malware software is installed on the primary home PC -- 83 percent of Mac users answered no. By comparisons, 87 percent of Windows PC responded yes.

The story continues:

Then it quickly downloaded the installation software (when it happened, at first I was surprised that it was going to install something. I didn't know exactly what would happen, so I just went along with it.) Then it started "scanning" my computer for viruses, and after just the "Quick" scan it said it found something like 55 small viruses and 4 "critical" threads or strings -- something like that, again, I don't remember exactly. Then a pop-up showed saying that the version (or software, not sure exactly) I had wasn't registered, and that to be able to clean my computer, I had to buy it. Obviously via credit card -- that's when I told my parents, and we decided to ask around to see if anyone had hear of this "Mac Guard." We called family friends, and they said that they had never heard of it, and that the Mac Guard itself was probably the virus.

After further consulting her mom, the teen girl decided to wait until today and contact me before buying Mac Guard -- and good thing, too.

Overnight, "I just left my computer alone," she writes. "When I came back to it in the morning, there was a pop-up webpage for a gay-porn website. Shocked after reading the heading for the webpage I quickly fumbled to exit the page. Immediately after, I told my mom, and not a few minutes after I called you. During and after your phone call, there were several other pop-up windows (gay.com; something about buying viagra; etc). Thankfully my computer was momentarily disconnected to the Internet so I spared my eyes the images that would have accompanied the pop-ups."

I told her to leave the MacBook Pro disconnected from her wireless network. I emailed the link to the Apple support document to the family's email address, which she accessed from an old iMac. The high school student printed out the instructions and was "able to properly remove the virus, and, hopefully, I won't have any problems like that again. If anything like that does happen, then I also know what to do."

Apple is preparing a Mac OS X security update that's supposed to protect its users and remove Mac Defender and its variants. Hopefully that will fix her up permanently. But she should still be on guard, and you, too.

Well, my daughter's friend got to live out a holiday drama rather than watch one.