
Mac Defender attackers bypass new Snow Leopard safeguards

updated 01:25 pm EDT, Wed June 1, 2011

May test OS' automatic definition updates


Malware authors have already bypassed the initial antivirus signatures that shipped with Security Update 2011-003, a report notes. A new version of Mac Defender, delivered as a file called Mdinstall.pkg, appears to have been deliberately crafted to go undetected by fully patched copies of Snow Leopard. The file is timestamped Tuesday at 9:24 PM Pacific time, meaning that less than eight hours elapsed after the update shipped before attackers once again circumvented Mac OS' protections.

Although every version of Mac Defender still requires the user to accept the installation, as MacNN has previously noted, the new variant is among those that do not ask for an administrator password, so a user who clicks through without due skepticism is infected with no further prompt. Apple may be able to respond faster than it did before, however, since 2011-003 turns on automatic definition updates, similar to antivirus programs such as Microsoft Security Essentials. How Snow Leopard will notify users of definition updates, if at all, has not been announced.

Before the Security Update, Mac Defender is believed to have become a minor crisis for Apple. The malware was not only gaining media traction but generating numerous calls to AppleCare, dominating phone traffic at one call center at least. The trouble may, ironically, stem in part from Mac OS' reputation for safety: some victims assumed that software being pushed to them was coming from Apple.
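As an added illustration of the bypass described above (constructed example code, not Apple's XProtect and not the malware itself), the script below models the kind of static byte-pattern signature the security update shipped and shows that renaming the product string inside the installer is enough to defeat it. The plist key names, the content-type gate and the package bytes are assumptions modeled loosely on the definition format, not copied from the real definitions.

```python
"""Simplified XProtect-style static signature matcher (added example).

Not Apple's code and not the real definitions.  The plist layout
(Description, LaunchServices content type, MatchType, Matches with hex
Pattern strings) is an assumed approximation of the 2011 format, and the
package bytes are a constructed stand-in, not a real installer.
"""
import plistlib

PKG_UTI = "com.apple.installer-package-archive"

# Constructed definition: with MatchType "Match" the entry fires only when
# EVERY pattern is present; "MatchAny" would fire on any one of them.
DEFINITIONS_PLIST = plistlib.dumps([
    {
        "Description": "OSX.MacDefender.A",
        "LaunchServices": {"LSItemContentType": PKG_UTI},
        "MatchType": "Match",
        "Matches": [
            {"Pattern": b"MacDefender.app".hex()},                # bundle name
            {"Pattern": b"Contents/Resources/postflight".hex()},  # assumed script path
        ],
    },
])


def load_definitions(plist_bytes):
    """Parse a definitions plist into a list of entry dicts."""
    return plistlib.loads(plist_bytes)


def scan(data, content_type, definitions):
    """Return the Description of every definition that matches `data`.

    Two gates, mirroring what a quarantine-time check keys on: the file's
    LaunchServices content type must be one the entry names, and the hex
    byte patterns must occur in the file bytes.
    """
    hits = []
    for entry in definitions:
        if entry["LaunchServices"]["LSItemContentType"] != content_type:
            continue
        patterns = [bytes.fromhex(m["Pattern"]) for m in entry["Matches"]]
        present = [p in data for p in patterns]
        combine = all if entry.get("MatchType", "Match") == "Match" else any
        if present and combine(present):
            hits.append(entry["Description"])
    return hits


# Constructed stand-in for the original installer package payload.
ORIGINAL_PKG = (b"xar!" + b"\x00" * 8
                + b"Applications/MacDefender.app/Contents/MacOS/MacDefender"
                + b"\x00" * 8 + b"Contents/Resources/postflight" + b"\x00" * 8)


def rebrand(pkg, old=b"MacDefender", new=b"SystemGuard"):
    """What an attacker can do inside the eight-hour window: rename the product."""
    return pkg.replace(old, new)


def demo():
    """Scan the original, a renamed variant, and the same bytes typed as a zip."""
    defs = load_definitions(DEFINITIONS_PLIST)
    variant = rebrand(ORIGINAL_PKG)
    return (scan(ORIGINAL_PKG, PKG_UTI, defs),
            scan(variant, PKG_UTI, defs),
            scan(ORIGINAL_PKG, "public.zip-archive", defs))


if __name__ == "__main__":
    original, variant, wrong_type = demo()
    print("original package  :", original)    # ['OSX.MacDefender.A']
    print("renamed variant   :", variant)     # []  -> one pattern gone, rule fails
    print("same bytes as zip :", wrong_type)  # []  -> content-type gate
```

The two gates are the whole story: a rename breaks the "all patterns" rule, and a file delivered under a content type the definitions do not list is never examined. A broader MatchAny rule keyed on something the attacker is less likely to change would survive the rename but raises the false-positive risk, which is why definition updates tend to trail each variant rather than anticipate it.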




by MacNN Staff


Comments

  1. hayesk

    Professional Poster

    Joined: Sep 1999

    +22

    Obvious solution

    If Apple would just remove the "Open safe files after download" preference in Safari, then this would all go away.

    Turn that preference off and you're done, no more worrying.

  2. fds

    Fresh-Faced Recruit

    Joined: Sep 2004

    +9

    update notification

    "How exactly Snow Leopard might notify people of definition updates has gone unannounced."

    You won't get any notifications, the definitions just get silently updated every day, automatically.

  3. Kees

    Fresh-Faced Recruit

    Joined: Sep 2001

    +6

    XProtectUpdater

    there's a new background app (daemon) running since the security update, it's called "XProtectUpdate", and periodically connects to "configuration.apple.com". Seems reasonable to assume Apple can update silently to protect against whatever new variety of Mac defender c*** those Ruskies can come up with relatively quickly.
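As an added check (not Apple's code) tying together hayesk's advice to switch off "Open safe files after download" and the observations from fds and Kees that XProtect definitions now update silently in the background, the script below reads the relevant Safari preference and the definition metadata. It assumes Safari stores that checkbox as the boolean AutoOpenSafeDownloads in com.apple.Safari.plist (treated as enabled when the key is absent) and that XProtect.meta.plist carries an integer Version and an HTTP-date string LastModification; the plist samples inside are constructed so the script runs offline, and on a Mac it also reads the live files.

```python
"""Added example (not Apple's code): check whether Safari still auto-opens
"safe" downloads and whether silent XProtect definition updates are landing.

Assumptions: the AutoOpenSafeDownloads key and its default, and the
Version / LastModification keys of XProtect.meta.plist.  Both sample
plists are constructed, not copied from a real machine.
"""
import os
import plistlib
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SAFARI_PREFS = os.path.expanduser("~/Library/Preferences/com.apple.Safari.plist")
XPROTECT_META = ("/System/Library/CoreServices/CoreTypes.bundle/"
                 "Contents/Resources/XProtect.meta.plist")

# Constructed samples: Safari with the checkbox turned off, and definition
# metadata stamped the evening the security update shipped.
SAFARI_SAMPLE = plistlib.dumps({"AutoOpenSafeDownloads": False})
XPROTECT_SAMPLE = plistlib.dumps({
    "Version": 7,
    "LastModification": "Tue, 31 May 2011 18:41:11 GMT",
})


def safari_auto_open_enabled(plist_bytes):
    """True if Safari will open 'safe' downloads on its own (the risky default)."""
    prefs = plistlib.loads(plist_bytes)
    return bool(prefs.get("AutoOpenSafeDownloads", True))


def xprotect_status(meta_bytes, now, max_age=timedelta(days=2)):
    """Return (version, age, stale); stale means no update for more than max_age."""
    meta = plistlib.loads(meta_bytes)
    modified = parsedate_to_datetime(meta["LastModification"])
    age = now - modified
    return int(meta["Version"]), age, age > max_age


def constructed_results():
    """Run both checks on the constructed samples (offline)."""
    now = datetime(2011, 6, 1, 17, 25, tzinfo=timezone.utc)  # time of the article
    return (safari_auto_open_enabled(SAFARI_SAMPLE),
            safari_auto_open_enabled(plistlib.dumps({})),   # key absent -> default on
            xprotect_status(XPROTECT_SAMPLE, now))


def check_live():
    """Run against the real files when they exist (i.e. on a Mac)."""
    if os.path.exists(SAFARI_PREFS):
        with open(SAFARI_PREFS, "rb") as f:
            print("Safari auto-open enabled:", safari_auto_open_enabled(f.read()))
    if os.path.exists(XPROTECT_META):
        with open(XPROTECT_META, "rb") as f:
            version, age, stale = xprotect_status(f.read(), datetime.now(timezone.utc))
        print("XProtect definitions version %d, age %s%s"
              % (version, age, " (STALE)" if stale else ""))


if __name__ == "__main__":
    check_live()
    print(constructed_results())
```

A definitions file that stays more than a couple of days old while a daemon is supposed to be refreshing it daily is the signal to look at: either the update mechanism is not running or the machine cannot reach Apple, and in both cases the silent update offers no protection against the next variant.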

  4. SockRolid

    Fresh-Faced Recruit

    Joined: Jan 2010

    +2

    Another day, another update.

    Daily, silent definition updates are the perfect solution to two problems. First, the problem of naive users falling for the phishing scams. Second, the scare tactics used by the Symantecs of the world to try to herd people into buying their antivirus bloatware.

    I'm sure the free, automatic definition updates are Steve's reaction to Norton Antivirus or McAfee's antivirus offerings. "This sucks. We'll do it better than those idiots can."

  5. facebook_Clarence

    Via Facebook

    Joined: Jun 2011

    -2

    Not good enough

    These automatic updates are too reactive rather than proactive. It means the attackers will always be a step ahead of the defenders.

    If you have a bit of common sense, you won't get malware/viruses/whatever in Mac OS, Windows, whatever... but if you're a big dummy, you'll get infected unless there's a proactive security approach.

  6. legacyb4

    Mac Elite

    Joined: May 2001

    +2

    Freakin' Google Images

    My wife just had the malware pop up in Safari after looking for some reference photos on Google Images.

    Luckily, I had auto-open turned off in Safari so the payload stayed as a .zip file. However, the website hack pops up a new window that looks like a quasi-Mail window and tries to get you to "install" the update.

    Looking back at the link that actually carried the payload, it's a Wordpress site that got hacked.

  7. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    -6

    Re: Another day, another update

    Yeah, and Apple's system is so different from Norton or the others.

    Except it only works for those users running Snow Leopard. And the latest version at that. But that's OK. Mac users are always up-to-date on their software. Not like those Windows users.

    Oh, and is this whole 'scanning' process optional? Being a Mac user, I have no fear of silly MacDefender or other stupid malware and have no need to waste CPU cycles running some type of scanner (which will only find whatever Apple decides it wants to search for anyway).

  8. legacyb4

    Mac Elite

    Joined: May 2001

    +1

    Here's the URL

    For those that want to see...

    http://tinyurl.com/3jocg3y

    You will get a notice that you are being redirected; if you click to proceed, you will see the bad page pop up and a download show up in your Download list.

    MAKE SURE YOU TURN OFF "Open safe files" in Safari first!
