Following the emergence of a new variant of the MACDefender trojan, Apple has automatically updated its internal Mac OS X malware definitions.
Apple’s latest Mac OS X security update (Security Update 2011-003 (Snow Leopard)) included new functionality that allows Mac OS X’s anti-malware definition file to update itself without users having to manually download and install a security update.
This definition file update detects the latest variant, which Apple calls “OSX.MacDefender.C,” and alerts Mac OS X users to the presence of the new variant.
[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]
Related articles:
MACDefender trojan variant bypasses Mac OS X anti-malware software – June 1, 2011
Apple releases Security Update 2011-003 (Snow Leopard); blocks and removes MACDefender trojan – May 31, 2011
Apple: How to avoid or remove MACDefender malware (permanent fix coming in Mac OS X update) – May 24, 2011
MACDefender trojan protection and removal guide – May 20, 2011
Apple investigating ‘MACDefender’ trojan – May 19, 2011
Apple malware: 6 years of crying wolf – May 6, 2011
Is Mac under a virus attack? No. – May 4, 2011
Intego: MACDefender rogue anti-malware program attacks Macs via SEO poisoning – May 2, 2011
Cat and mouse. Let’s see who wins.
Been using Sophos anti-vir/anti-trojan. It’s discreet, works in the background, updates itself and quarantines threats automatically. Best of all it was free. AVG link scanner does a real good job of alerting you to links that go to dangerous sites. Also free.
As has been said on this site many times, having your head in the right place is the best defense. Safe surfing is kinda like safe sex, be careful what you click on. Practice extra caution in unknown areas. Who wins? The careful surfer, that’s who.
I wonder who’s paying people to advertise for Sophos here.
I’d guess Sophos…
The game has begun, but the Apple mouse has a major advantage over the Windows mouse due to its OS structure.
On another note, here in Canada, while browsing through the Mac fanatic website (this one) for the latest news, what kind of ads do I see? A major ad at the top of the page for Motorola Xoom and Telus cell service provider, advertising “No-Fee Data Sharing”! This ain’t the 1st time Apple competitors have had their ads posted on this site, a site built for Apple fans! Me thinks the ones running this site should have some kind of “rule of limitations” for their revenue producing advertising service! Anyone disagree?
Why? No one here will buy their stuff and MDN laughs all the way to the bank!
I agree with Mua. MDN needs to make money, so let them advertise whatever pays the bills. We just scroll down. I am happy they keep me updated for free (for me).
Once the kids grow up they will find other crimes are more profitable. This is just a lark. Seal team 6 will find them.
Sophos does do a good job of alerting for these kiddie jabs, and quarantines promptly. The files themselves have both a Mac and a windoze package in a .zip container. If you’ve turned off ‘open safe files’ in Safari, you’re good to go at any rate. Where Apple is needed is in getting Safari to ignore these things from the get.
Sophos must really be hoping this Mac Defender thing brings in the fear-based buyers. You have to wonder if these anti-virus peddlers aren’t helping to fund some of this malware behind the scenes, to justify their existence.
Sophos is free, at least the version I’m talking about is.
“First one’s free, kid.”
Why would I waste processor cycles on something, even if it’s free? There has yet to be a major threat to OS X security. When self installing and/or self replicating threats appear I may consider it. Till then it’s just a waste of computer resources. Unless this Sophos plans to start paying me to use it.
That’s it you guys, just hide yer little heads in the sand like good little ostriches. It’s always easier than admitting there’s something going on outside the castle walls. You’re just the kind of users that virus writers depend on to keep them in business.
I’m starting to think the “salad days” are over. Anyone who thinks it can’t happen to me because I’m on a Mac has his head buried in the sand. It’s obvious the cyber thugs see new opportunity in OS X users and won’t stop. If anything I see more malware/virus/Trojans on the Mac horizon. I’m not a hater, it’s just the writing on the wall.
So has this whole thing left you with a feeling of having your salad tossed, then? 😉
This ain’t going to happen to me because I’m not going to click “next” four times then “install” when an unexpected installer pops up while I’m surfing the web.
+1
So many people automatically assume this is going to follow the same path Windows malware has followed. It won’t. Snow Leopard is nothing like XP.
Exactly. This is why this trojan doesn’t have me worried at all. Now, find a way to exploit the OS, not the user, and I’ll worry.
——RM
When there is a Mac virus or worm propagating in the wild, then I might be concerned. But I laugh at trojans.
Caution is a wise move, panic is not. The media has made far too much of a lame trojan. It was actually a good wakeup call for Mac users to realize that they are responsible for the security of their Macs. Don’t be stupid!
Gruber said it really well on last week’s episode of The Talk Show:
[…] they think that any time something like this happens, step one is that the only rational thing to do about it would be to set your hair on fire. And then proceed from there. And that if you *don’t* start by setting your hair on fire, you’re not taking it seriously, you’re in denial, can’t face facts, can’t admit that the myth of blah blah blah is over… it’s just tiresome.
I think the main reason why there are forces pushing for the panic and fear-based reactions, is that there are companies (Sophos, Norton, McAfee, etc.) who stand to gain financially from people being frightened into buying something they don’t really need that won’t really help.
hey vanilla, you don’t speak for everyone, so quit slamming those who choose to be extra careful.
Many of them aren’t worried about these novel drive-by attacks, they’re worried because they’re so damn poor and in their attempt to keep food on the table, they make extremely risky decisions by downloading illegal software.
If the fscking economy were better balanced and everyone had a job, these folks wouldn’t have to live on the edge.
I DO NOT CONDONE using illegally acquired software, but I can’t find fault in someone who would jeopardize his own freedom trying to feed his crying kids.
AV software is free and they should use it.
Opened my Macbook Pro the other morning (not a boot) and to my surprise the Mac Defender web page was on Safari. I have “open safe files after download” unchecked. My Macbook Pro did not install the MacDefender Installer and I did not click on OK or Cancel the Mac Defender Scan box. Safari would not quit, I had to force quit Safari with option-command-escape. That was the end of it. I checked Activity Monitor and Downloads. No problem. This kind of attack can be successful if the Mac user is unprepared. In Safari-Preferences-General Do Not Check the box that says “open safe files after download”. My Mac continues to be virus, malware and spyware free.
There is a very simple solution to this. Instead of putting the security update on each Mac, centralize it Apple. When a file is downloaded from Safari, have Safari automatically check if the file is on the black list. Such a list could be updated as fast as the bad guys can change while downloaded updates will always lag.
An interesting idea, but there’s some huge potential problems with it.
– Apple’s security servers could be overwhelmed from normal use, with every mac hitting it every time anything is downloaded.
– There would be a delay every time a mac user downloads any file. This delay could get really long if apple’s security servers are overwhelmed.
– It’s wide open for DDOS attacks. It would take about five seconds to write the script too – it would just have to repetitively download anything on a mac to ping the security server into oblivion. An attack like that would be without a doubt the first response the bad guys would have.
This is what I like so much about how Apple handled it: It’s incredibly simple, yet not vulnerable to conventional hacking. Apple’s internal self updating black list leaves the creators of Mac Trojans with very few options: they either have to waste their own time and resources creating new variants every 24 hours or go out of business.
It’s sobering to look at the file that the security update modifies, XProtect.plist – it’s a list of threats to OSX. And, gee whiz, it’s totally crowded at eight, count ’em, eight, entries. Anyone willing to count the entries in a windoze threat list…?
You have to wear a condom when using Windows. Using the computer feels detached and has no personal feeling into it.
I wear nothing using a Mac. Boyyyyy does it feel oh so good!!! 😉
24 years of using a Mac. Online and downloading every day. I have never had a virus on any of my Macs. Never. And I will not download a program from a company that can’t afford literate shills. People who use words they can’t spell, or are too lazy to look up, only convince me they’re idiots.