A day after Apple released a security update for Mac OS X to address the "MAC Defender" malware, a new variant of the bogus antivirus software has been spotted in the wild [update: Apple has quickly responded, too].
Update: Soon after the variant was released, Apple responded in kind in the ongoing cat-and-mouse game, updating its anti-malware definitions to address the latest version of the software.
As first reported by Ed Bott at ZDNet, the new variation of MAC Defender, named "Mdinstall.pkg," has been crafted to bypass the new malware-blocking code made available by Apple. That update for Mac OS X, Security Update 2011-003, was released on Tuesday.
"The file has a date and time stamp from last night at 9:24PM Pacific time," Bott wrote. That's less than 8 hours after Apple's security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.
"As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple."
Security Update 2011-003 included changes to the File Quarantine feature found in Mac OS X 10.6 Snow Leopard. It includes anti-malware definitions within the operating system itself, and examines external files downloaded within Mail, iChat, Safari, or other quarantine-aware applications.
The MACDefender malware first gained attention in early May, when it was spotted by an antivirus company. The program automatically downloads in Web browsers through JavaScript and originally required users to enter an administrator password, but a more recent variant does not ask for a password.