New 'MACDefender' Variant Installs Without Admin Password Requirement

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 25, 2011.

  1. macrumors bot

    MacRumors

    #1
    [​IMG]


    [​IMG]


    Antivirus firm Intego today reported that it has discovered a new variant of the "MACDefender" malware that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.
    Late yesterday, Apple issued its first public notice on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.

    It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.

    Article Link: New 'MACDefender' Variant Installs Without Admin Password Requirement
     
  2. macrumors 68020

    Mr. Gates

    #2
    Sorry but I have to do this....


    Hahahahahahaa
     
  3. macrumors member

    #3
    oh snap! :)
     
  4. macrumors 6502a

    42streetsdown

    #4
    you still have to click through the installer right?
     
  5. macrumors 65816

    DeaconGraves

    #5
    I may be misreading things, but you still have to execute the installer correct?
     
  6. macrumors 6502

    MBP13

    #6
    Wow, whomever is behind MACDefender doesn't seem like it's going to give up anytime soon!
     
  7. macrumors G4

    Rodimus Prime

    #7
    my guess is it is only going to get a lot worse from here. It is pretty common trick of the "virus" writing to use one that worked and slightly modify it to work another way or do something else and it gets counted as a different virus using the same hole or same trick.

    I am willing to bet in the future some of theses things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.
     
  8. macrumors 6502

    #8
    You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.
     
  9. macrumors 6502

    Bonch

    #9
    And so it begins...
     
  10. macrumors member

    #10
    the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.
     
  11. Moderator

    stridemat

    Staff Member

    #11
    Perhaps Apple should issue an 'update' the makes Safari not open downloaded files automatically?
     
  12. macrumors 6502a

    #12
    Uncheck "Open 'safe' files after downloading" in Safari Prefs.
    Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.
     
  13. macrumors 6502a

    #13
    Yeah, that should be the default option.
     
  14. macrumors 6502a

    ciTiger

    #14
    This is getting more serious lol
     
  15. Editor emeritus

    longofest

    #15
    The days of malware-free macs have BEEN over. This appears to be the first malware that is actually getting decent press coverage.
     
  16. macrumors 6502

    #16
    That's not correct. It's installing the malware just for the current user. It won't matter whether that user is an Admin or not, it won't need a password in either case.
     
  17. macrumors G5

    jav6454

    #17
    Which is why I have Safari ask me if I want to open a file right after downloading...
     
  18. macrumors 601

    Yvan256

    #18
    "Open files after downloading" should be removed completely.
     
  19. macrumors Pentium

    KnightWRX

    #19
    They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

    Where did you get the impression the days of malware free macs were not over ?
     
  20. macrumors regular

    inket

    #20
    Can't Apple sue them ?
     
  21. macrumors 6502

    MBP13

    #21
    Does that phony Finder window still pop up before MACDefender begins to download itself or does it go straight to the download?
     
  22. macrumors 68030

    Popeye206

    #22
    I love how all the PC guys are happy! LOL!

    Still... not a virus... it's Malware and I'm not clicking "Install".
     
  23. macrumors 68030

    Popeye206

    #23
    Ahhhhh if you can find them. These guys don't make themselves easy to find. They're trying to steal.
     
  24. macrumors regular

    inket

    #24
    It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.
     
  25. macrumors regular

    #25
    Who the hell is downloading this *****??
     

Share This Page