New 'MACDefender' Variant Installs Without Admin Password Requirement

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 25, 2011.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]


    Antivirus firm Intego today reported that it has discovered a new variant of the "MACDefender" malware that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.
    Late yesterday, Apple issued its first public notice on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.

    It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.

    Article Link: New 'MACDefender' Variant Installs Without Admin Password Requirement
     
  2. macrumors 68020

    Mr. Gates

    Joined:
    Jun 17, 2009
    Location:
    --Redmond --------- ----------------Washington---
    #2
    Sorry but I have to do this....


    Hahahahahahaa
     
  3. macrumors member

    Joined:
    Feb 23, 2009
    Location:
    usa
  4. macrumors 6502a

    42streetsdown

    Joined:
    Feb 12, 2011
    Location:
    Gallifrey, 5124
    #4
    you still have to click through the installer right?
     
  5. macrumors 65816

    DeaconGraves

    Joined:
    Apr 25, 2007
    Location:
    Dallas, TX
    #5
    I may be misreading things, but you still have to execute the installer correct?
     
  6. macrumors 6502

    MBP13

    Joined:
    Mar 13, 2011
    #6
    Wow, whomever is behind MACDefender doesn't seem like it's going to give up anytime soon!
     
  7. macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #7
    my guess is it is only going to get a lot worse from here. It is pretty common trick of the "virus" writing to use one that worked and slightly modify it to work another way or do something else and it gets counted as a different virus using the same hole or same trick.

    I am willing to bet in the future some of theses things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.
     
  8. macrumors 6502

    Joined:
    Feb 17, 2008
    #8
    You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.
     
  9. macrumors 6502

    Bonch

    Joined:
    May 28, 2005
    Location:
    Lithuania
  10. macrumors member

    Joined:
    Sep 16, 2009
    #10
    the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.
     
  11. Moderator

    stridemat

    Staff Member

    Joined:
    Apr 2, 2008
    Location:
    Southampton, UK
    #11
    Perhaps Apple should issue an 'update' the makes Safari not open downloaded files automatically?
     
  12. macrumors 6502a

    Joined:
    Dec 18, 2003
    Location:
    New London, NH
    #12
    Uncheck "Open 'safe' files after downloading" in Safari Prefs.
    Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.
     
  13. macrumors 6502a

    Joined:
    Sep 21, 2009
    Location:
    Tennessee
    #13
    Yeah, that should be the default option.
     
  14. macrumors 6502a

    ciTiger

    Joined:
    Jan 25, 2011
    Location:
    Portugal (Porto)
  15. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #15
    The days of malware-free macs have BEEN over. This appears to be the first malware that is actually getting decent press coverage.
     
  16. macrumors 6502

    Joined:
    Jul 22, 2008
    Location:
    UK
    #16
    That's not correct. It's installing the malware just for the current user. It won't matter whether that user is an Admin or not, it won't need a password in either case.
     
  17. macrumors G5

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #17
    Which is why I have Safari ask me if I want to open a file right after downloading...
     
  18. macrumors 601

    Yvan256

    Joined:
    Jul 5, 2004
    Location:
    Canada
    #18
    "Open files after downloading" should be removed completely.
     
  19. macrumors Pentium

    KnightWRX

    Joined:
    Jan 28, 2009
    Location:
    Quebec, Canada
    #19
    They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

    Where did you get the impression the days of malware free macs were not over ?
     
  20. macrumors regular

    inket

    Joined:
    Dec 23, 2009
  21. macrumors 6502

    MBP13

    Joined:
    Mar 13, 2011
    #21
    Does that phony Finder window still pop up before MACDefender begins to download itself or does it go straight to the download?
     
  22. macrumors 68030

    Popeye206

    Joined:
    Sep 6, 2007
    Location:
    NE PA USA
    #22
    I love how all the PC guys are happy! LOL!

    Still... not a virus... it's Malware and I'm not clicking "Install".
     
  23. macrumors 68030

    Popeye206

    Joined:
    Sep 6, 2007
    Location:
    NE PA USA
    #23
    Ahhhhh if you can find them. These guys don't make themselves easy to find. They're trying to steal.
     
  24. macrumors regular

    inket

    Joined:
    Dec 23, 2009
    #24
    It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.
     
  25. macrumors regular

    Joined:
    Oct 29, 2008

Share This Page