Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions

Discussion in ' News Discussion' started by MacRumors, Jun 2, 2011.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Yesterday, we noted that the attackers behind the "Mac Defender" malware had moved quickly to combat Apple's new security update, within hours releasing a new variant of the malware that was capable of skirting around Apple's new protection.

    Xprotect.plist before (left) and after (right) latest update to address new Mac Defender variant

    Fortunately for users, Apple has moved almost as quickly as the attackers, quashing any potential fears that the company might be slow to respond to each new threat that appears. As reported by Italian site Spider-Mac [Google translation], Apple has already issued an update to detect the new variant, pushing out a new entry for "OSX.MacDefender.C" to the Xprotect.plist file that contains the signatures for identifying malware.

    After the update, users are indeed presented with a warning if they begin to download the latest variant:


    As part of the security update earlier this week, Apple included a system to automatically update the Xprotect.plist anti-malware definitions every 24 hours, giving the company the ability to quickly push out new protection for Mac OS X Snow Leopard users. While this is unlikely to be the end of the Mac Defender attackers' efforts, it does appear that Apple is committed to responding and issuing updates to its users as quickly as the attackers can churn out new variants.

    Article Link: Apple Responds Quickly to Evolving 'Mac Defender' Threat With Updated Malware Definitions
  2. Steve121178 macrumors 68040


    Apr 13, 2010
    Bedfordshire, UK
    The attackers will always be one step ahead...
  3. iStudentUK macrumors 65816


    Mar 8, 2009
    The war continues.

    Soon we will see Apple and MacDefender standing off, each with enough missiles to destroy the other.
  4. Gemütlichkeit macrumors 65816


    Nov 17, 2010
    Wonder if there will be a permanent fix in Lion.

    Well the current fix is to not install this BS in the first place.
  5. 0815, Jun 2, 2011
    Last edited: Jun 2, 2011

    0815 macrumors 68000


    Jul 9, 2010
    here and there but not over there
    I'm getting pretty tired of the MacDefener 'news' updates - its time to go back to the normal life (and malware is part of that - no need for an update every day)

    But anyway good to see that it took Apple less than 24h to release an update.

    There is no fix for this type of malware ... If the user interacts with an installer, so there is not much that can be done until the installer is out in the wild and a signature for it can be created. Malware authors will always be a step ahead and nothing can be done about it.
  6. justinfreid macrumors 6502


    Nov 24, 2009
    NEW Jersey / USA
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

    This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.
  7. ImNoSuperMan macrumors 65816


    Dec 1, 2005
    Good to see apple responding so quickly.

    Though I dont really like this current situation. Where are the good old days when no hackers even bothered to create malware for Macs? Stop buying so many macs people :D
  8. miles01110 macrumors Core


    Jul 24, 2006
    The Ivory Tower (I'm not coming down)
    Looking forward to Apple's upcoming version of Patch Tuesday.

    ...except every week.
  9. NebulaClash macrumors 68000


    Feb 4, 2010
    But if Apple stays only one step behind and closes the holes within 24 hours each time, the attackers will soon learn that there isn't that much to be gained by the effort. They'll have to try another approach.

    You know, this relatively benign malware is, on balance, a good thing. This will educate Mac users not to click OK on software they did not choose to install. So that when something really serious shows up, they will know better thanks to this mild version that is merely annoying.
  10. millerb7 macrumors 6502a

    Jun 9, 2010
    You have to install this yourself.... it is NOT a virus... but maleware.

    Not sure exactly how OSX is less secure? Maleware has been around for years for OSX.... just don't install the damn thing!
  11. Northgrove macrumors 65816

    Aug 3, 2010
    Yes, they can of course release a new variant any day. Same as with the battle on other platforms. But what's important here is that this will keep the attacks from becoming widespread. Unless people keep clicking on all new variants all the time... (remember that this is a trojan, not a virus)
  12. Full of Win macrumors 68030

    Full of Win

    Nov 22, 2007
    Ask Apple
    The writers of this malware love to see Apple jumping through the hoops they make. This will on,y get worse with 10.7, as per Apples history, new OSes are filled with bugs and exploitable flaws.
  13. angrynstupid macrumors regular

    Jan 26, 2010

    What kind of logic is this?
  14. 0815 macrumors 68000


    Jul 9, 2010
    here and there but not over there
    You mean like windows where the general advice it not to install it until SP1 is released?
  15. riverfreak macrumors demi-god


    Jan 10, 2005
    Thonglor, Bangkok
    There are two types of people in this world, those who create and those who destroy. I can't wait for the pimply adolescents behind the MacDefender stunt to be tracked down. How funny to have a career ending moment before it even begins.
  16. hexx macrumors regular


    Jan 3, 2010
    London, UK, \m/
    just bring mac app store for default way of installing software and problem solved :) i know it's not gonna happen but it works fine on iOS devices - no malware
  17. cnixon macrumors member

    Nov 17, 2010
    Maleware? What's maleware? Sounds like a line of men's lingerie. :confused:
  18. zweigand macrumors 6502a


    Oct 19, 2003
    Man I hope this is the last round of Mac Defender tennis coverage.
  19. Beaverfish macrumors regular

    Dec 15, 2008
    Im thinking perhaps we should stop reporting this now.........
  20. WannaGoMac macrumors 68000

    Feb 11, 2007
    haha, I haven't heard this line in a while since Windows 7 came out. Windows 7 was a huge step in the right direction for MS as evidenced by lots of large IT departments rolling it out pre-SP1. This might have been due to the long and detailed beta test cycle, and fact that XP was over a decade old!
  21. KaneBaker macrumors member


    Oct 15, 2009
    Might as well call the mac a console at that point then.
  22. Detrius macrumors 68000

    Sep 10, 2008
    Asheville, NC
    Why do people keep thinking this is a security issue with OS X? MacDefender is not taking advantage of any security holes in OS X. It's wholly dependent on social engineering--convincing users to do something that they shouldn't. It's not a security flaw in OS X. Even if it didn't automatically open the installer, it could still talk people into opening the installer. It's good that Apple is doing something about it, but they aren't closing any security holes because there aren't any that are relevant to the situation at hand.

    The fix is AdBlock or NoScript, and Apple can't do that.
  23. beg_ne macrumors 6502

    Jul 3, 2003
    Completely irrelevant. MacDefender doesn't take advantage of any flaw or bug in OS X. The only flaw in play here is people's gullibility.
  24. gregd33 macrumors member

    May 3, 2011
    Strange game. The only winning move is not to play.
  25. gnasher729, Jun 2, 2011
    Last edited: Jun 2, 2011

    gnasher729 macrumors P6


    Nov 25, 2005
    The attackers will always be two steps behind any user with a brain. So you may be worried; I'm not.

    The big step would be a setting in "User Preferences" that needs to be turned on to allow any applications to be installed, or any downloaded applications to run. That setting would have to be turned on by the user, and would turn itself off after 15 minutes. Installer and Finder trying to start applications would show a message what to do when needed (a verbal message; user has to figure out how to do it himself). Result: Users trying to install legitimate apps are slightly inconvenienced; clueless users can't install MacDefender if they try; and users who know enough to figure out how to install MacDefender should be clever enough not to do it.

Share This Page