June 3rd, 2011

Hackers already bypass Apple’s malware defenses

Internet News, by Albel.

While it took nearly a month for Apple Inc. to release a security update against the MacDefender malware, the malware’s authors needed mere hours to turn the tables.

Technology writer Ed Bott noted the “bad guys” wasted no time in thwarting Apple’s initial security update with a new variation of MacDefender.

“The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code,” Bott said in his blog.

He said that the file has a date and time stamp “less than eight hours after Apple’s security update was released.”

On a test system running Apple’s Safari browser with default settings, the new variant behaved exactly as the original had, starting the installation process with no password required.

“As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple,” he said.

Bott also said he captured a video that shows Apple’s File Quarantine feature successfully blocking an attempt to automatically install the MacGuard malware.

Earlier, Apple had released Security Update 2011-003, which includes changes to the File Quarantine feature.

The feature checks files downloaded through web browsers, e-mail and other common paths against a list of known malware definitions.

This update includes definitions for Mac Defender and its known variants, as well as an automated removal tool. It is available only for the most recent version of Snow Leopard, 10.6.7.

However, Bott noted the MacGuard fake antivirus program can go from a seemingly innocent Google search result to a full install in just three clicks, with no password required.

Worse, he said, the Mdinstall.pkg variant of MacDefender released on May 31 is not detected by the 2011-003 update and its signature files.
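The cat-and-mouse game described above comes down to how definition-based scanning works: a downloaded file is matched against definitions that were derived from samples the vendor has already seen, so a variant that is renamed or repacked after the update ships can pass until the next definition arrives. The following is an added illustration, not Apple’s File Quarantine code and not its real definition format; the definition layout, the detection names and the three “package” byte strings are all constructed for this example.

```python
"""Added example (not Apple's code): a minimal definition-based file scanner
showing why a reworked malware installer slips past freshly shipped definitions.
The definition format, sample bytes and detection names are constructed for
illustration; Apple's real definition format is not reproduced here."""
import hashlib
import re

# --- constructed samples standing in for downloaded installer packages ---
ORIGINAL_PKG = (
    b"xar!MacDefender.pkg\x00"
    b"Your computer is infected! Purchase a license to remove the threats."
    b"\x00payload-v1"
)
# Same payload under a new file name plus one extra byte: defeats a whole-file hash.
RENAMED_PKG = ORIGINAL_PKG.replace(b"MacDefender.pkg", b"Mdinstall.pkg") + b"\x01"
# Scare text reworded as well: defeats the looser byte-pattern definition too.
REWORKED_PKG = RENAMED_PKG.replace(b"Purchase a license", b"Buy the full version")


def sha256_hex(data: bytes) -> str:
    """Whole-file digest used by the exact-match definitions."""
    return hashlib.sha256(data).hexdigest()


# A definition set of the kind an update ships: an exact hash of a known sample
# plus a looser byte pattern lifted from its scare message (hypothetical names).
DEFINITIONS = [
    {"name": "OSX.MacDefender.A", "kind": "sha256", "value": sha256_hex(ORIGINAL_PKG)},
    {"name": "OSX.MacDefender.A", "kind": "pattern",
     "value": re.compile(rb"computer is infected.{0,40}Purchase a license", re.I | re.S)},
]


def scan(data: bytes, definitions=DEFINITIONS) -> list[str]:
    """Return the names of the definitions that match the given file bytes.
    An empty list means the quarantine check would let the installer run."""
    hits = []
    digest = sha256_hex(data)
    for d in definitions:
        if d["kind"] == "sha256" and d["value"] == digest:
            hits.append(f'{d["name"]} (hash)')
        elif d["kind"] == "pattern" and d["value"].search(data):
            hits.append(f'{d["name"]} (pattern)')
    return hits


def definition_from_sample(name: str, data: bytes) -> dict:
    """The defender's move after a new variant is captured: hash the sample and
    ship it as a new definition. Until that happens, scan() is blind to it."""
    return {"name": name, "kind": "sha256", "value": sha256_hex(data)}


if __name__ == "__main__":
    for label, pkg in [("original", ORIGINAL_PKG), ("renamed", RENAMED_PKG),
                       ("reworked", REWORKED_PKG)]:
        print(f"{label:9s} -> {scan(pkg) or 'no match: installer would run'}")
    # Once the reworked sample has been captured, a fresh definition catches it.
    updated = DEFINITIONS + [definition_from_sample("OSX.MacDefender.B", REWORKED_PKG)]
    print("reworked (after update) ->", scan(REWORKED_PKG, updated))
```

Run as a script, the original package matches both definitions, the renamed package survives only the pattern check, and the reworded one matches nothing until a definition built from that sample is added. The lesson for defenders is the one Bott draws: hash definitions are cheap to ship but cheap to evade, pattern definitions buy a little more time, and neither catches a variant the vendor has not yet seen.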

“It will be interesting to see how widely Apple publicizes this notice. It will be even more interesting to see how the authors of MacDefender and its variants respond,” he said.
