Now, to be clear, there is a simple way to thwart this threat and many argue it should be the default security setting on Safari browser’s on Macs.  Users may simply go to their Safari preferences, select the general tab and then uncheck ‘Open “safe” files after downloading’  By unchecking the default setting that allows files to download and open automatically you again take control over what is programs are installed and files opened on your system.

So the next logical question that comes to mind, after asking how do I stop this attack from infecting my Mac, is how do I better protect my Mac from other threats in general.  Unfortunately, the answer is likely that you’ll now need to consider installing an antivirus and/or other malware protection.  With an antivirus program you begin to fall into the same categories of issues that plague PC users:

• Which antivirus program to use and/or purchase
• Are the free virus scanners as good as the paid ones
• Computer slowdowns dues to antivirus running on your Mac
• Updating and scanning your system

The good news is that there are many antivirus programs currently, and likely more to come with the press given to this threat Mac Guard (a variant and evolution of Mac Protector and Mac Defender).  Some of the names in Mac virus protection are familiar to the PC world and others may be new: Sophos free antivirus for home users and paid business editions, ESET Cybersecurity for Mac on Apple’s web store, Clam AV, and others.

Are Macs now doomed to persistent unheralded threats just like PCs?  I think the time is still a little ways off, but it is certainly time to take notice and address security on your Mac just as you do on your PC.  As with PC users, when people ask me how to best keep their systems safe, my first response is to be smart about where you go and what you do on the Internet and other networks.  However, even websites you would consider safe such as your aunt’s picture webpage of her trip to the Adirondack Mountains can be compromised by the server that hosts the site and infect your system with malware.  So, if users who are smart about their web surfing and don’t share USB thumb drives with their music sharing son can be infected, then the next step is to tighten down the security of your Mac and install additional programs to automatically protect your system.

It is not the end of days for Mac users, but rather should be considered a wake-up to see that all the hype saying that Mac users don’t need antivirus or need to worry about security may have been more due to an advantage of low market share and low interest by virus writers rather than security superiority over PCs.  I like Macs.  I’m writing this post on a Mac.  But security issues are not limited by operating system manufacturer.  More so it depends on the user, how the system is configured and how it is used.  We’ve seen Linux server grossly compromised because they’ve been setup incorrectly alongside Windows servers suffering the same.  Take some time to learn about the security tools and options available for your Mac and enjoy the zen experience Apple offers.

So what are businesses and home computer users to do if just visiting a legitimate website has the potential of infecting your computer?  The first step is to make sure each computer has an anti-virus program installed and updated, such as AVG Internet Security 2011 – 20% off!, with the most recent threat definitions to hopefully block the infection from installing on the computer.  With that in mind, it is usually a good idea to run an anti-spyware program, such as Spybot Search and Destroy, along with an anti-virus program.  Again, the spyware detection program must be updated with the current version and most recent threat definitions to combat the latest threats on the Internet.

So the next issues becomes, what happens if you do everything you’re supposed to: run updated anti-virus, run updated -anti-spyware, go to only “safe” websites, etc… and you still get a virus on your computer.  It is always best to save your data (hopefully you already have a good backup of your computer data) and re-install your computer’s operating system, like WindowsXP, Windows7, etc.  For many reason, I know it is not always feasible or realistic to reinstall Windows if your computer is infected.  In that case you should try to restore your computer to an earlier time, before your computer was infected.  In Windows it is called system restore and does not restore your computer’s data to an earlier time, but restores the underlying settings, in the registry, to the way they were before the virus.

There is too much to write about removing viruses, which is why it is much more important to spend time on blocking them before the infect your computer.  Just like grandma used to say, “an ounce of prevention is worth a pound of cure.”  Take the few minutes necessary to install and setup your antivirus and other security programs to automatically update and protect your computer in the hope you don’t need to spend many hours removing the virus or reinstalling your system.

So I’ll highlight another route that cyber criminals take in an attempt to steal your identity during the holiday season, shipping confirmation emails that appear to come from FedEx, UPS or the USPS.  Again, with many gifts shipped from homes and business along with increased online purchases, identity thieves send out spam emails asking you to verify sipping information with your credit card or ask for personal information to receive and confirm packages.  If you ever receive a request online to confirm any account or personal information, you should open a new browser window and type in the sites address, such as www.fedex.com, and then proceed or call their customer service department.

If you think just because  a link in an email says it it from fedex or goes to bankofamerica.com look out.  In my original example of the Bank of America Alert, there is a link to update your account info, but the link actually goes to awilmer.net not bankofamerica.com.  It really is difficult to differentiate between valid emails and phising scams aimed at stealing your identity and personal information.  Remember though that banks, credit card companies and other valid companies will not request personal, account or credit card info by email.

Here is the Bank of America Alerts email for reference:

Dear Bank of America Customer,

This email was sent by the bank of america server to verify your e-mail address. You must complete this process by clicking on the link below and entering your account information . This is done for your protection , because some of our members no longer have access to their online access and we must verify it. To verify your e-mail address and access your bank account, click on the link below.

Update Info  (http://www.awilmer.net/inc/scurepdat/index.html)

Please fill in the required information.
This is required for us to continue to offer you a safe and risk free environment .

Thank you
Accounts Management

Bank of America, N.A. Member FDIC Privacy Promise Terms & Conditions
Copyright © 2009

As a business executive, CIO or business owner do you know where most threats are coming from that target business networks, computers and users?  Most likely it is not something you have seriously researched.  As business consultants, we focus on knowing as much as possible about threats to business so we can effectively combat their tactics.

Most people, including many IT professionals, assume spam most predominantly originates in China, Nigeria and the former Soviet Republics such as Russia.  Oddly enough spam, its viruses and more importantly rootkits/trojans that allow those criminal enterprises free access to steal information from your computers and use your computers to launch other attacks that steal from additional business originate in some countries not usually associated with online threats, South Korea, Brazil and… the United States.

There are definitely larger and more aggressive threats targeting business networks as well as their servers and computers.  But you cannot minimize or dismiss the serious consequences of a single computer on your company’s internal business domain network.  The reason is, that single compromised computer can be used as a pinhole opening for criminals, either foreign or domestic, to launch more complex and sophisticated attacks to steal your business data, personal employee information or make it appear your computers are attacking other organizations.

Knowing what you know is as important as knowing what you do not know.  If you have any doubts about your business’ current security posture ask a qualified business consultant.

- Tsung Tzu, Art of War, Chapter 3 “Attack by Strategem”

“So it is said that if you know your enemies and know yourself, you can win a thousand battles without a single loss.
If you only know yourself, but not your opponent, you may win or may lose.
If you know neither yourself nor your enemy, you will always endanger yourself.”

That’s right, essentially every computer I’ve seen in the past 3 years that has a peer-to-peer file sharing program on it with free downloaded music, movies, etc has many very dangerous trojans and rootkits on it also.  The most popular one I keep encountering is Limewire.  You may not think it is a big deal that your kids (or you) are downloading some free music from the Internet but is that the same computer you use to connect to your company network using vpn?  Or send out emails on your work or personal account?  Or do your online banking or bill paying?   More often than not the home computer doubles as the after hours work computer.

peer-to-peer P2P file sharing software commonly infects computers with malware (viruses, worms, rootkits, etc.)

Maybe you still don’t think it is a big deal.  Do you know what many of these trojans and rootkits do?  They open up a backdoor to your computer from the Internet without you knowing it; allowing others to fully control your computer, gather data & passwords and infect your computer with more malware, viruses, etc., and  here is another reason Limewire may be a bad idea to have on your system.  Not only do you risk having your identity stolen, losing data and delivering viruses to your friends, family, coworkers and customers but often your computer becomes so slow that you need to have your computer rebuilt or buy a new home computer.  Some of the first scenarios have intangible costs but replacing or rebuilding a computer is several hundred dollars and a whole lot of your time to get it back with all your software customizations and applications installed.

You may want to forgo the free music and sign up with iTunes or another inexpensive music download service or even try out Pandora Internet radio.  Either way, I definitely recommend you do not install any peer-to-peer filesharing programs on your computer and if you already have one installed I give you very good odds that you already have several viruses on your computer…