I got the malware today and the installer package opened just fine, how do I know my xprotect file or whatever plist is up to date? Where can I find it?

Edit: nm, read the previous comments and figured it out. Now the plist contains macdefender A-D.

Anyway, the downloaded package still opens and gives me the installer screen. Is this because I already opened it once and it doesn't recheck?

That plist is gonna grow very long methinks...
 

This doesn't bode well for Lion's release. Even if these threats don't indicate a material problem with OS X, the fact that Apple has been baited into an arms war makes OS X look less secure.
It may make it *look* less, but it will hopefully *make* it more secure in the end. I’ll take is more than looks any day of the week.
 
You have to install this yourself.... it is NOT a virus... but malware.

Not sure exactly how OSX is less secure? Malware has been around for years for OSX.... just don't install the damn thing!

I don't see why you quoted me to make this point, millerb7, please see autrefois’s first sentence below.
Further, initially requiring user intervention for infection doesn't make software something less than a virus - this malware isn't a virus, as far as I can tell, because it doesn't reproduce and spread itself to other machines.

The word "virus" was not brought up until you mentioned it...

I agree with justinfreid that this situation is making OS X *LOOK* less secure. It is a threat: even if it is malware that must be user-installed, it is still malware. Mac users are less used to this sort of thing, and this is arguably the most high-profile threat to OS X and it's coming right before a major conference.

I wonder if Steve will address security in his keynote to try to show Apple is being active in protecting against malware (daily automatic updates could be spun to be a positive thing). The fact that they do seem to be on top of this one, unlike other holes that would at times go unpatched for months, makes things at least seem more secure.

What kind of logic is this?

Thanks autrefois, and hope this answers your question angrynstupid.

Since I was posting from my phone and wasn't sure of the exact syntax for italics, I didn't emphasize look, and it was the appearance of a growing flaw that I thought could potentially cause problems, however small, so close to the release of Lion.
Apple's quick reaction and change to daily updates indicates to me that they see this type of infection as a growing problem and not a one off, never to return issue. Being forced to devote resources to another cat and mouse situation, the other being jailbreaking of iOS, is what might sap a lot of the OS X team's resources going forward.
But, I understand how Apple PR could spin this the other way and claim that Lion is in fact more secure and point to how this cat, Lion, can crush any mouse it finds.
I have a lot of confidence in Cupertino, and I'm looking forward to 10.7, but I don't think suggesting that an escalating anti-malware arms race would look bad should be scoffed at (how I interpreted my 30 or so thumbs down for the post): Apple Inc. isn't perfect and the growing popularity of OS X lends itself, at the very least, to it being a more interesting playground for malware authors.
 
Slightly annoyingly I got the Malware today as well. I knew what it was immediately, so deleted it as soon as I noticed it. This marks the second machine which it has downloaded onto in my house! What is more disappointing is that Sophos Antivirus didn't notice it, until I pointed it to scan the file, even then it couldn't get rid of it, I had to manually delete it! It seems there are 4 malware files inside the mpkg -->
 

Attachment: Screen shot 2011-06-03 at 17.58.03.png

I just forced an update to the OSX definitions via turning the automatic refresh off and on again in the system preferences security tab and there seems to be yet another new Defender variant added to the list. OSX.MacDefender.E
 
signature-based malware detection is hopeless

I just forced an update to the OSX definitions via turning the automatic refresh off and on again in the system preferences security tab and there seems to be yet another new Defender variant added to the list. OSX.MacDefender.E

On an earlier MACdefender thread, I posted:

The main value of Norton and other protection programs today isn't virus protection, it's malware protection. And by the way, simplistic signatures like Apple is using for malware are becoming worthless - polymorphic malware (see http://en.wikipedia.org/wiki/Polymorphic_virus) changes its signature constantly. Current top-tier anti-malware suites use behavioural and other heuristics that can stop previously unknown malware - the zero-day problem.

- Proactive Threat Scanning
Proactive threat scanning uses heuristics to detect unknown threats. Heuristic process scanning analyzes the behavior of an application or process to determine if it exhibits characteristics of threats, such as Trojan horses, worms, or keyloggers. This type of protection is sometimes referred to as zero-day protection.

http://www.symantec.com/business/support/index?page=content&id=TECH102401&locale=en_US

Apple's response to this threat seems to be using techniques from a decade ago.

As Margo Channing said, "Fasten your seat belts. It's going to be a bumpy night."

Probably before another week is up the MAC Defender folks will adopt polymorphism, so that every single MAC Defender infection has a unique signature. Apple can't stop that using old-fashioned signature-based methods.
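
The limitation argued in the post above, as an added example that is not part of the thread and is not Apple's code: a definitions list is parsed from a plist, and a hash signature is compared with a byte-pattern signature on a file and on a one-byte-longer copy of it. The plist layout, key names, `DEMO.*` signature names and sample bytes are constructed assumptions for illustration.

```python
import hashlib
import plistlib

# Constructed stand-ins for a downloaded installer; not real malware bytes.
SAMPLE_A = b"#!fake-installer\nMARKER:defender-demo\npayload-v1\n"
SAMPLE_A_REPACKED = SAMPLE_A + b"\x00"  # same content plus one padding byte


def build_definitions():
    """Serialize a small signature list to plist bytes (hypothetical layout)."""
    entries = [
        {   # exact-content signature: SHA-1 of the whole file
            "Description": "DEMO.Defender.A",
            "MatchType": "Hash",
            "Identity": hashlib.sha1(SAMPLE_A).digest(),
        },
        {   # byte-pattern signature: a substring expected in every variant
            "Description": "DEMO.Defender.Generic",
            "MatchType": "Pattern",
            "Pattern": b"MARKER:defender-demo",
        },
    ]
    return plistlib.dumps(entries)


def load_definitions(raw):
    """Parse plist bytes back into a list of signature dictionaries."""
    return plistlib.loads(raw)


def signature_names(definitions):
    """List the signature names present, to see which variants are covered."""
    return [entry["Description"] for entry in definitions]


def scan(data, definitions):
    """Return the names of all signatures that match the given file bytes."""
    digest = hashlib.sha1(data).digest()
    hits = []
    for entry in definitions:
        if entry["MatchType"] == "Hash" and entry["Identity"] == digest:
            hits.append(entry["Description"])
        elif entry["MatchType"] == "Pattern" and entry["Pattern"] in data:
            hits.append(entry["Description"])
    return hits


if __name__ == "__main__":
    defs = load_definitions(build_definitions())
    print("definitions:", signature_names(defs))
    print("original   :", scan(SAMPLE_A, defs))
    print("repacked   :", scan(SAMPLE_A_REPACKED, defs))
```

The hash entry stops matching as soon as the file differs by a single byte, while the pattern entry still matches; a pattern in turn fails once the bytes it looks for are themselves changed, which is the gap behavioural heuristics are meant to cover.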
 
Double edged sword.

It's honestly - in a way - excellent that the Mac is finally being targeted because, like others have pointed out, it will ultimately make the Mac and OS X *more* secure, how?

A.) Educate the "noob" users to not install random downloads.

B.) Get Apple on the ball and make OS X more secure by patching up new holes.

C.) Give Apple a necessary objective to create even more secure OS's down the road.


Basically this malware and any more down the road is basically like having the malware writers "beta test" OS X's security, and, if Apple responds accordingly, ultimately just make OS X that much more secure.

Kinda like w/ Windows 7, all the more viruses that come out, eventually make it safer, and MS has been incredibly on the ball lately and am typing this from my gaming Windows 7 machine and given the facts lately I'd have no problem storing any very sensitive info on here, I think Win 7 is finally a very secure OS, though still maybe not *quite* to OS X, but then it could very well be.

Props to Microsoft for finally making Windows a stable, secure OS, and props to Apple for being on the ball about OS X's vulnerabilities that are undeniably going to be there sometimes, at least for now.
 
If you read the Mac Virus/Malware Info, you'll see a recommendation for ClamXav, if you insist on using any antivirus.

If it was just me using the computers, then I would not "insist" on using any antivirus. Unfortunately it isn't, and my younger sister managed to download it yesterday "when I was looking for the song" and my older sister managed to download it "when I was googling that shop". We aren't all power users, my parents won't have problems as they don't go anywhere near the sorts of sites that house the virus, but my sisters do, I do. Antivirus is a must, you can't be left in the dark!
 
If it was just me using the computers, then I would not "insist" on using any antivirus. Unfortunately it isn't, and my younger sister managed to download it yesterday "when I was looking for the song" and my older sister managed to download it "when I was googling that shop". We aren't all power users, my parents won't have problems as they don't go anywhere near the sorts of sites that house the virus, but my sisters do, I do. Antivirus is a must, you can't be left in the dark!
I understand your concern, but no antivirus can fully protect against a user's deliberate actions. Keeping other users of your Mac informed on threats such as this and teaching them to be cautious when installing anything will help a lot.
 