Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jun 2, 2011.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Yesterday, we noted that the attackers behind the "Mac Defender" malware had moved quickly to combat Apple's new security update, within hours releasing a new variant of the malware that was capable of skirting around Apple's new protection.

    [​IMG]
    Xprotect.plist before (left) and after (right) latest update to address new Mac Defender variant

    Fortunately for users, Apple has moved almost as quickly as the attackers, quashing any potential fears that the company might be slow to respond to each new threat that appears. As reported by Italian site Spider-Mac [Google translation], Apple has already issued an update to detect the new variant, pushing out a new entry for "OSX.MacDefender.C" to the Xprotect.plist file that contains the signatures for identifying malware.

    After the update, users are indeed presented with a warning if they begin to download the latest variant:

    [​IMG]

    As part of the security update earlier this week, Apple included a system to automatically update the Xprotect.plist anti-malware definitions every 24 hours, giving the company the ability to quickly push out new protection for Mac OS X Snow Leopard users. While this is unlikely to be the end of the Mac Defender attackers' efforts, it does appear that Apple is committed to responding and issuing updates to its users as quickly as the attackers can churn out new variants.

    Article Link: Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions
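The before/after comparison of Xprotect.plist described in the article can be automated; the sketch below is an added example, not part of the original post and not Apple's code. It assumes the file is a top-level array of entries that each carry a "Description" string; the "Pattern" key and the OSX.Sample.* names are constructed for illustration.

```python
import plistlib


def load_signatures(plist_bytes):
    """Map signature name -> full entry, rejecting layouts we do not expect."""
    entries = plistlib.loads(plist_bytes)
    if not isinstance(entries, list):
        raise ValueError("expected a top-level array of signature entries")
    sigs = {}
    for entry in entries:
        name = entry.get("Description") if isinstance(entry, dict) else None
        if not isinstance(name, str):
            raise ValueError("entry without a Description string")
        sigs[name] = entry
    return sigs


def diff_definitions(old_bytes, new_bytes):
    """Report signatures added, removed, or modified between two snapshots."""
    old, new = load_signatures(old_bytes), load_signatures(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


# Constructed snapshots (assumed layout, not real definitions). Only the
# name OSX.MacDefender.C comes from the article.
BEFORE = plistlib.dumps([
    {"Description": "OSX.Sample.A", "Pattern": "6161"},
    {"Description": "OSX.Sample.B", "Pattern": "6262"},
])
AFTER = plistlib.dumps([
    {"Description": "OSX.Sample.A", "Pattern": "6161"},
    {"Description": "OSX.Sample.B", "Pattern": "6263"},
    {"Description": "OSX.MacDefender.C", "Pattern": "6363"},
])

if __name__ == "__main__":
    print(diff_definitions(BEFORE, AFTER))
```

Run against two saved copies of the definitions file, an empty "added" list after the expected update window is the signal that the automatic refresh did not take effect.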
     
  2. macrumors 68030

    Steve121178

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #2
    The attackers will always be one step ahead...
     
  3. macrumors 65816

    iStudentUK

    Joined:
    Mar 8, 2009
    Location:
    London
    #3
    The war continues.

    Soon we will see Apple and MacDefender standing off, each with enough missiles to destroy the other.
     
  4. macrumors 65816

    Gemütlichkeit

    Joined:
    Nov 17, 2010
    #4
    Wonder if there will be a permanent fix in Lion.


    Well the current fix is to not install this BS in the first place.
     
  5. 0815, Jun 2, 2011
    Last edited: Jun 2, 2011

    macrumors 68000

    0815

    Joined:
    Jul 9, 2010
    Location:
    here and there
    #5
    I'm getting pretty tired of the MacDefender 'news' updates - it's time to go back to the normal life (and malware is part of that - no need for an update every day)

    But anyway good to see that it took Apple less than 24h to release an update.


    There is no fix for this type of malware ... If the user interacts with an installer, there is not much that can be done until the installer is out in the wild and a signature for it can be created. Malware authors will always be a step ahead and nothing can be done about it.
     
  6. macrumors 6502

    justinfreid

    Joined:
    Nov 24, 2009
    Location:
    NEW Jersey / USA
    #6
    This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.
     
  7. macrumors 65816

    ImNoSuperMan

    Joined:
    Dec 1, 2005
    #7
    Good to see Apple responding so quickly.

    Though I don't really like this current situation. Where are the good old days when no hackers even bothered to create malware for Macs? Stop buying so many Macs, people :D
     
  8. macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #8
    Looking forward to Apple's upcoming version of Patch Tuesday.

    ...except every week.
     
  9. macrumors 68000

    NebulaClash

    Joined:
    Feb 4, 2010
    #9
    But if Apple stays only one step behind and closes the holes within 24 hours each time, the attackers will soon learn that there isn't that much to be gained by the effort. They'll have to try another approach.

    You know, this relatively benign malware is, on balance, a good thing. This will educate Mac users not to click OK on software they did not choose to install. So that when something really serious shows up, they will know better thanks to this mild version that is merely annoying.
     
  10. macrumors 6502a

    Joined:
    Jun 9, 2010
    #10
    You have to install this yourself.... it is NOT a virus... but maleware.

    Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!
     
  11. macrumors 6502a

    Joined:
    Aug 3, 2010
    #11
    Yes, they can of course release a new variant any day. Same as with the battle on other platforms. But what's important here is that this will keep the attacks from becoming widespread. Unless people keep clicking on all new variants all the time... (remember that this is a trojan, not a virus)
     
  12. macrumors 68030

    Full of Win

    Joined:
    Nov 22, 2007
    Location:
    Ask Apple
    #12
    The writers of this malware love to see Apple jumping through the hoops they make. This will only get worse with 10.7, as per Apple's history, new OSes are filled with bugs and exploitable flaws.
     
  13. macrumors regular

    Joined:
    Jan 26, 2010
    Location:
    Michigan
    #13
    Huh?

    What kind of logic is this?
     
  14. macrumors 68000

    0815

    Joined:
    Jul 9, 2010
    Location:
    here and there
    #14
    You mean like Windows where the general advice is not to install it until SP1 is released?
     
  15. macrumors 6502

    Joined:
    Jan 10, 2005
    Location:
    Earth, mostly.
    #15
    There are two types of people in this world, those who create and those who destroy. I can't wait for the pimply adolescents behind the MacDefender stunt to be tracked down. How funny to have a career ending moment before it even begins.
     
  16. macrumors regular

    hexx

    Joined:
    Jan 3, 2010
    Location:
    London, UK, \m/
    #16
    just bring mac app store for default way of installing software and problem solved :) i know it's not gonna happen but it works fine on iOS devices - no malware
     
  17. macrumors member

    Joined:
    Nov 17, 2010
    #17
    Maleware? What's maleware? Sounds like a line of men's lingerie. :confused:
     
  18. macrumors 6502a

    zweigand

    Joined:
    Oct 19, 2003
    #18
    Man I hope this is the last round of Mac Defender tennis coverage.
     
  19. macrumors regular

    Joined:
    Dec 15, 2008
    #19
    I'm thinking perhaps we should stop reporting this now.........
     
  20. macrumors 65816

    Joined:
    Feb 11, 2007
    #20
    Haha, I haven't heard this line in a while since Windows 7 came out. Windows 7 was a huge step in the right direction for MS as evidenced by lots of large IT departments rolling it out pre-SP1. This might have been due to the long and detailed beta test cycle, and the fact that XP was over a decade old!
     
  21. macrumors member

    KaneBaker

    Joined:
    Oct 15, 2009
    #21
    Might as well call the mac a console at that point then.
     
  22. macrumors 68000

    Joined:
    Sep 10, 2008
    Location:
    Asheville, NC
    #22
    Why do people keep thinking this is a security issue with OS X? MacDefender is not taking advantage of any security holes in OS X. It's wholly dependent on social engineering--convincing users to do something that they shouldn't. It's not a security flaw in OS X. Even if it didn't automatically open the installer, it could still talk people into opening the installer. It's good that Apple is doing something about it, but they aren't closing any security holes because there aren't any that are relevant to the situation at hand.

    The fix is AdBlock or NoScript, and Apple can't do that.
     
  23. macrumors 6502

    Joined:
    Jul 3, 2003
    #23
    Completely irrelevant. MacDefender doesn't take advantage of any flaw or bug in OS X. The only flaw in play here is people's gullibility.
     
  24. macrumors member

    Joined:
    May 3, 2011
    #24
    Strange game. The only winning move is not to play.
     
  25. gnasher729, Jun 2, 2011
    Last edited: Jun 2, 2011

    macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #25
    The attackers will always be two steps behind any user with a brain. So you may be worried; I'm not.


    The big step would be a setting in "User Preferences" that needs to be turned on to allow any applications to be installed, or any downloaded applications to run. That setting would have to be turned on by the user, and would turn itself off after 15 minutes. Installer and Finder trying to start applications would show a message what to do when needed (a verbal message; user has to figure out how to do it himself). Result: Users trying to install legitimate apps are slightly inconvenienced; clueless users can't install MacDefender if they try; and users who know enough to figure out how to install MacDefender should be clever enough not to do it.
     
