Thursday, May 5, 2011

Beware Fake MACDefender Antivirus Software

(This MACDefender isn't in any way associated with the German company called MacDefender that runs the MacDefender.org Web site and writes geocaching and other GPS-related software.)

A specific combination of actions needs to occur for MACDefender to be downloaded and installed, including visiting a poisoned Web site, and then entering an admin password in the installer. If this happens, MACDefender adds itself to the login items, displays a menu bar icon, and looks like a real antivirus program. See the Intego security memo for screenshots of what it looks like.

MACDefender's goal appears to be to scam users into paying for the program, and to that end, it claims to find viruses and also opens porn sites in the user's browser every few minutes in an attempt to make the user think they're infected. After paying, the warnings disappear. Of course, it's entirely likely that the purchase process is designed as much to steal credit card numbers as to make money from purchases, given that the charges can be reversed if the user discovers the scam.

MACDefender is an example of “scareware,” an increasingly popular type of malware that attempts to trick users into thinking they are infected with viruses in order to extort money (and credit card numbers).