Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions

Thursday June 2, 2011 7:11 am PDT by Eric Slivka
Yesterday, we noted that the attackers behind the "Mac Defender" malware had moved quickly to combat Apple's new security update, within hours releasing a new variant of the malware that was capable of skirting around Apple's new protection.

Xprotect.plist before (left) and after (right) latest update to address new Mac Defender variant

Fortunately for users, Apple has moved almost as quickly as the attackers, quashing any potential fears that the company might be slow to respond to each new threat that appears. As reported by Italian site Spider-Mac [Google translation], Apple has already issued an update to detect the new variant, pushing out a new entry for "OSX.MacDefender.C" to the Xprotect.plist file that contains the signatures for identifying malware.

After the update, users are indeed presented with a warning if they begin to download the latest variant:


As part of the security update earlier this week, Apple included a system to automatically update the Xprotect.plist anti-malware definitions every 24 hours, giving the company the ability to quickly push out new protection for Mac OS X Snow Leopard users. While this is unlikely to be the end of the Mac Defender attackers' efforts, it does appear that Apple is committed to responding and issuing updates to its users as quickly as the attackers can churn out new variants.

[ 188 comments ]

Top Rated Comments

(View all)

Avatar
0815
111 months ago

The writers of this malware love to see Apple jumping through the hoops they make. This will on,y get worse with 10.7, as per Apples history, new OSes are filled with bugs and exploitable flaws.


You mean like windows where the general advice it not to install it until SP1 is released?
Rating: 18 Votes
Avatar
NebulaClash
111 months ago

The attackers will always be one step ahead...


But if Apple stays only one step behind and closes the holes within 24 hours each time, the attackers will soon learn that there isn't that much to be gained by the effort. They'll have to try another approach.

You know, this relatively benign malware is, on balance, a good thing. This will educate Mac users not to click OK on software they did not choose to install. So that when something really serious shows up, they will know better thanks to this mild version that is merely annoying.
Rating: 17 Votes
Avatar
beg_ne
111 months ago

The writers of this malware love to see Apple jumping through the hoops they make. This will on,y get worse with 10.7, as per Apples history, new OSes are filled with bugs and exploitable flaws.


Completely irrelevant. MacDefender doesn't take advantage of any flaw or bug in OS X. The only flaw in play here is people's gullibility.
Rating: 12 Votes
Avatar
0815
111 months ago

I wouldn't be surprised if the entire thing weren't stage-managed by Apple to give them an argument in favour of a move to an iOS-style Mac App Store-only software model. (Jailbreak your Mac, anyone?)


Here we go again - people running out of real arguments against apple clinging to stupid claims like this ....
Rating: 11 Votes
Avatar
cnixon
111 months ago

You have to install this yourself.... it is NOT a virus... but maleware.

Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!


Maleware? What's maleware? Sounds like a line of men's lingerie. :confused:
Rating: 11 Votes
Avatar
angrynstupid
111 months ago
Huh?



This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.


What kind of logic is this?
Rating: 11 Votes
Avatar
Detrius
111 months ago
Why do people keep thinking this is a security issue with OS X? MacDefender is not taking advantage of any security holes in OS X. It's wholly dependent on social engineering--convincing users to do something that they shouldn't. It's not a security flaw in OS X. Even if it didn't automatically open the installer, it could still talk people into opening the installer. It's good that Apple is doing something about it, but they aren't closing any security holes because there aren't any that are relevant to the situation at hand.

The fix is AdBlock or NoScript, and Apple can't do that.
Rating: 10 Votes
Avatar
millerb7
111 months ago



This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.


You have to install this yourself.... it is NOT a virus... but maleware.

Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!
Rating: 10 Votes
Avatar
0815
111 months ago
I'm getting pretty tired of the MacDefener 'news' updates - its time to go back to the normal life (and malware is part of that - no need for an update every day)

But anyway good to see that it took Apple less than 24h to release an update.


Wonder if there will be a permanent fix in Lion.
Well the current fix is to not install this BS in the first place.


There is no fix for this type of malware ... If the user interacts with an installer, so there is not much that can be done until the installer is out in the wild and a signature for it can be created. Malware authors will always be a step ahead and nothing can be done about it.
Rating: 10 Votes
Avatar
beg_ne
111 months ago

Looking forward to Apple's upcoming version of Patch Tuesday.

...except every week.


Completely clueless. Did you not even read the damn article you posted to?

There will be nothing to 'patch' as the issue isn't a security issue. As others have stated this is little more than social engineering.

Also the detection updates automatically in the background, at least daily. It requires no action from the user and is completely invisible to them.
Rating: 9 Votes

[ Read All Comments ]