Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,622
39,496



Yesterday, we noted that the attackers behind the "Mac Defender" malware had moved quickly to combat Apple's new security update, within hours releasing a new variant of the malware that was capable of skirting around Apple's new protection.


Xprotect.plist before (left) and after (right) latest update to address new Mac Defender variant

Fortunately for users, Apple has moved almost as quickly as the attackers, quashing any potential fears that the company might be slow to respond to each new threat that appears. As reported by Italian site Spider-Mac [Google translation], Apple has already issued an update to detect the new variant, pushing out a new entry for "OSX.MacDefender.C" to the Xprotect.plist file that contains the signatures for identifying malware.

After the update, users are indeed presented with a warning if they begin to download the latest variant:

macdefender_mdinstall_warning.jpg

As part of the security update earlier this week, Apple included a system to automatically update the Xprotect.plist anti-malware definitions every 24 hours, giving the company the ability to quickly push out new protection for Mac OS X Snow Leopard users. While this is unlikely to be the end of the Mac Defender attackers' efforts, it does appear that Apple is committed to responding and issuing updates to its users as quickly as the attackers can churn out new variants.

Article Link: Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions
 
The war continues.

Soon we will see Apple and MacDefender standing off, each with enough missiles to destroy the other.
 
Wonder if there will be a permanent fix in Lion.


Well the current fix is to not install this BS in the first place.
 
I'm getting pretty tired of the MacDefener 'news' updates - its time to go back to the normal life (and malware is part of that - no need for an update every day)

But anyway good to see that it took Apple less than 24h to release an update.


Wonder if there will be a permanent fix in Lion.
Well the current fix is to not install this BS in the first place.

There is no fix for this type of malware ... If the user interacts with an installer, so there is not much that can be done until the installer is out in the wild and a signature for it can be created. Malware authors will always be a step ahead and nothing can be done about it.
 
Last edited:
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.
 
Good to see apple responding so quickly.

Though I dont really like this current situation. Where are the good old days when no hackers even bothered to create malware for Macs? Stop buying so many macs people :D
 
The attackers will always be one step ahead...

But if Apple stays only one step behind and closes the holes within 24 hours each time, the attackers will soon learn that there isn't that much to be gained by the effort. They'll have to try another approach.

You know, this relatively benign malware is, on balance, a good thing. This will educate Mac users not to click OK on software they did not choose to install. So that when something really serious shows up, they will know better thanks to this mild version that is merely annoying.
 
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.

You have to install this yourself.... it is NOT a virus... but maleware.

Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!
 
The attackers will always be one step ahead...

Yes, they can of course release a new variant any day. Same as with the battle on other platforms. But what's important here is that this will keep the attacks from becoming widespread. Unless people keep clicking on all new variants all the time... (remember that this is a trojan, not a virus)
 
The writers of this malware love to see Apple jumping through the hoops they make. This will on,y get worse with 10.7, as per Apples history, new OSes are filled with bugs and exploitable flaws.
 
Huh?

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.

What kind of logic is this?
 
There are two types of people in this world, those who create and those who destroy. I can't wait for the pimply adolescents behind the MacDefender stunt to be tracked down. How funny to have a career ending moment before it even begins.
 
just bring mac app store for default way of installing software and problem solved :) i know it's not gonna happen but it works fine on iOS devices - no malware
 
You have to install this yourself.... it is NOT a virus... but maleware.

Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!

Maleware? What's maleware? Sounds like a line of men's lingerie. :confused:
 
You mean like windows where the general advice it not to install it until SP1 is released?

haha, I haven't heard this line in a while since Windows 7 came out. Windows 7 was a huge step in the right direction for MS as evidenced by lots of large IT departments rolling it out pre-SP1. This might have been due to the long and detailed beta test cycle, and fact that XP was over a decade old!
 
just bring mac app store for default way of installing software and problem solved :) i know it's not gonna happen but it works fine on iOS devices - no malware

Might as well call the mac a console at that point then.
 
Why do people keep thinking this is a security issue with OS X? MacDefender is not taking advantage of any security holes in OS X. It's wholly dependent on social engineering--convincing users to do something that they shouldn't. It's not a security flaw in OS X. Even if it didn't automatically open the installer, it could still talk people into opening the installer. It's good that Apple is doing something about it, but they aren't closing any security holes because there aren't any that are relevant to the situation at hand.

The fix is AdBlock or NoScript, and Apple can't do that.
 
The writers of this malware love to see Apple jumping through the hoops they make. This will on,y get worse with 10.7, as per Apples history, new OSes are filled with bugs and exploitable flaws.

Completely irrelevant. MacDefender doesn't take advantage of any flaw or bug in OS X. The only flaw in play here is people's gullibility.
 
The attackers will always be one step ahead...

The attackers will always be two steps behind any user with a brain. So you may be worried; I'm not.


just bring mac app store for default way of installing software and problem solved :) i know it's not gonna happen but it works fine on iOS devices - no malware

The big step would be a setting in "User Preferences" that needs to be turned on to allow any applications to be installed, or any downloaded applications to run. That setting would have to be turned on by the user, and would turn itself off after 15 minutes. Installer and Finder trying to start applications would show a message what to do when needed (a verbal message; user has to figure out how to do it himself). Result: Users trying to install legitimate apps are slightly inconvenienced; clueless users can't install MacDefender if they try; and users who know enough to figure out how to install MacDefender should be clever enough not to do it.
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.