New 'MACDefender' Variant Installs Without Admin Password Requirement
Antivirus firm Intego today reported that it has discovered a new variant of the "MACDefender" malware that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.
Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed. This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.Late yesterday, Apple issued its first public notice on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.
The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder.
It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.
Top Rated Comments
(View all)
26 months ago
Perhaps Apple should issue an 'update' the makes Safari not open downloaded files automatically?
26 months ago
It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.
26 months ago
the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.
The days of malware-free macs have BEEN over (http://www.macrumors.com/2006/02/16/mac-os-x-virus-trojan-summary/). This appears to be the first malware that is actually getting decent press coverage.
26 months ago
One Word:
MACDEFENDER
;)
Not a virus. Honestly there should be a sticky thread or something explaining what a virus is.
26 months ago
Do you like contradicting yourself? We can go back and forth between "virus"/malware argument but what's the point.
I have not contradicted myself. Go back and forth on what ? Virus is a type of malware. Spyware is another. Trojans are yet another.
There are Mac malware out in the wild.
There aren't any Mac viruses out in the wild.
Both statements are true.
26 months ago
my guess is it is only going to get a lot worse from here. It is pretty common trick of the "virus" writing to use one that worked and slightly modify it to work another way or do something else and it gets counted as a different virus using the same hole or same trick.
I am willing to bet in the future some of theses things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.
I am willing to bet in the future some of theses things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.
26 months ago
Uncheck "Open 'safe' files after downloading" in Safari Prefs.
Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.
Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.
26 months ago
apple should start catering to real mac users again, and not to the lowest common demonator = pc users!
Most Mac users used to be Windows users at one time or another. Including yours truly.
WTF is a "demonator"?
26 months ago
I may be misreading things, but you still have to execute the installer correct?
[ Read All Comments ]
Millward Brown today released its annual BrandZ study of global brands (via AllThingsD), which found Apple to be the world's most valuable brand for the third straight year.
Although Apple...
Bioware and LucasArts’ Star Wars role-playing game Knights of the Old Republic may be coming to the iPad in the near future, reports IGN, after obtaining a revealing email newsletter that Aspyr...
VUDU, the third most popular internet video-on-demand provider behind Apple's iTunes and Amazon's Instant Video, today updated its app with a feature that allows users to download movies for...
Following the opening of a new retail location in Melbourne last month, Apple is set to open another Australian Apple Store on May 25, this time in Adelaide.
The Adelaide Apple Store will be...
The Burj Al Arab hotel in Dubai is perhaps the world's most luxurious hotel, and the latest addition continues that tradition. The seven-star hotel is now giving 24-carat gold-plated iPads from...
Just as Yahoo has announced its acquisition of Tumblr, the Tumblr team has released an update for its iOS app bringing a redesigned user interface that offers up a brand new post type chooser,...
Anatolia News Agency reports that Turkish prime minister Recep Tayyip Erdoğan visited Apple yesterday as part of a tour of Silicon Valley companies ahead of the country's move to purchase 10.6...
Gameloft is offering up two of its most popular games for free this weekend. Both N.O.V.A. 3 - Near Orbit Vanguard Alliance and Gangstar Rio: City of Saints can be downloaded at no cost for the first...
