Mac OS X Mac Defender Malware Detection
Critical Nessus Plugin ID 54832
SynopsisThe remote Mac OS X host appears to have been compromised.
DescriptionUsing the supplied credentials, Nessus has found evidence that a fake antivirus software named Mac Defender (alternatively, MacDefender, MacGuard, MacProtector or MacSecurity) is installed on the remote Mac OS X host.
The software is typically installed by means of a phishing scam targeting Mac users by redirecting them from legitimate websites to fake ones that tell them their computer is infected with a virus and then offers this software as a solution.
Once installed, the malware will perform a 'scan' that falsely identifies applications such as 'Terminal' or even the shell command 'test' ('[') as infected and will redirect a user's browser to porn sites in an attempt to trick people into purchasing the software in order to 'clean up' their system.
SolutionFollow the steps in Apple's advisory to remove the malware.