New 'MACDefender' Variant Installs Without Admin Password Requirement

Discussion in ' News Discussion' started by MacRumors, May 25, 2011.

  1. macrumors bot




    Antivirus firm Intego today reported that it has discovered a new variant of the "MACDefender" malware that ups the ante by not requiring an administrator password for installation. The step is accomplished by installing the application only for the current user.
    Late yesterday, Apple issued its first public notice on the MACDefender malware, providing users with steps for avoiding or removing the software, as well as reporting that a Mac OS X software update to be released in the "coming days" will automatically find and remove MACDefender and its known variants. The update will also alert users if they are about to download one of the malware applications.

    It is unknown whether protection against the new "MacGuard" variant will be included in the software update from Apple, but the company will almost certainly have to keep on its toes to address the quickly evolving threat.

    Article Link: New 'MACDefender' Variant Installs Without Admin Password Requirement
  2. macrumors 68020

    Mr. Gates

    Sorry but I have to do this....

  3. macrumors member

    oh snap! :)
  4. macrumors 6502a


    you still have to click through the installer right?
  5. macrumors 65816


    I may be misreading things, but you still have to execute the installer correct?
  6. macrumors 6502


    Wow, whomever is behind MACDefender doesn't seem like it's going to give up anytime soon!
  7. macrumors G4

    Rodimus Prime

    my guess is it is only going to get a lot worse from here. It is pretty common trick of the "virus" writing to use one that worked and slightly modify it to work another way or do something else and it gets counted as a different virus using the same hole or same trick.

    I am willing to bet in the future some of theses things like MACDefender are going to install and not do anything real to get themselves noticed for weeks on end and leave a huge hole to allow other stuff to get installed. You can kill off the other stuff installed but because the hole is never plugged new things will keep coming in.
  8. macrumors 6502

    You probably don't have to click through the installer, but you do have to be running as an administrator. Something that no one should ever do on a day to day basis, for any reason.
  9. macrumors 6502


    And so it begins...
  10. macrumors member

    the days of malware free macs are over! No surprise that Apple initially failed to acknowledge the problem.
  11. Moderator


    Staff Member

    Perhaps Apple should issue an 'update' the makes Safari not open downloaded files automatically?
  12. macrumors 6502a

    Uncheck "Open 'safe' files after downloading" in Safari Prefs.
    Downloaded apps will not launch automatically if you uncheck this option in Safari. Not sure about other Browsers. So as long as you don't launch the installer, you are fine.
  13. macrumors 6502a

    Yeah, that should be the default option.
  14. macrumors 6502a


    This is getting more serious lol
  15. Editor emeritus


    The days of malware-free macs have BEEN over. This appears to be the first malware that is actually getting decent press coverage.
  16. macrumors 6502

    That's not correct. It's installing the malware just for the current user. It won't matter whether that user is an Admin or not, it won't need a password in either case.
  17. macrumors G5


    Which is why I have Safari ask me if I want to open a file right after downloading...
  18. macrumors 601


    "Open files after downloading" should be removed completely.
  19. macrumors Pentium


    They've been over for a quite a long time, this is far from the first Mac OS X based trojan.

    Where did you get the impression the days of malware free macs were not over ?
  20. macrumors regular


    Can't Apple sue them ?
  21. macrumors 6502


    Does that phony Finder window still pop up before MACDefender begins to download itself or does it go straight to the download?
  22. macrumors 68030


    I love how all the PC guys are happy! LOL!

    Still... not a virus... it's Malware and I'm not clicking "Install".
  23. macrumors 68030


    Ahhhhh if you can find them. These guys don't make themselves easy to find. They're trying to steal.
  24. macrumors regular


    It's a package, guys. You still have to click "Next" 4 or 5 times and select the destination drive.
  25. macrumors regular

    Who the hell is downloading this *****??

Share This Page