Responding to a widespread fake antivirus program targeted at Macs, Apple released Tuesday an update that will warn users and remove the threat. The update is available for Macs running Snow Leopard Mac OS X 10.6, as well as Mac OS X Server 10.6.
In its Security Update 2011-003, Apple said the update, available via Software Update or from Apple Downloads, refreshes the malware definition on File Quarantine to include MAC Defender, the fake antivirus malware, and provides for automatic, daily updating of known definitions. Automatic updating can be disabled by the user. The update also removes MAC Defender and known variants if the malware has already been installed, and an alert will notify the user of that action.
Reports on the web Wednesday indicated that malware makers have already circumvented Apple's update by changing the name of the malware file to mdinstall.pkg. The move could be short-lived if Apple adds the file name to its new daily update of malware definitions.
'Give Apple Credit'
Apple said files downloaded via Safari, iChat or Mail are checked against a list of known malware that includes viruses, worms, Trojan horses, and other malicious software. If a file is found to be on the list, the Mac OS X update displays a dialog prompting the user to move it to the trash. The list is stored on the computer and, with the update, refreshed daily.
For years, Macs have enjoyed the reputation that they weren't susceptible to the many kinds of malicious software that have plagued Windows machines, because of the inherent strength of Mac OS X. Many observers have also argued that, because the installed base of Macs was so small, it wasn't worth the effort for a self-respecting hacker.
Chris Christensen, an analyst with IDC, said the myth of the Mac's invulnerability to hacking attacks "still largely stands in public perception," although they were "never technically invulnerable." Rather, he said, it was because their installed base was too small, but now the Mac's usage, transactional functions, and larger installed base present a tempting target to attackers.
Christensen added that he has to "give Apple credit" for its quick response to this vulnerability.
According to Mac security firm Intego, MAC Defender targets Mac users primarily through "SEO poisoning attacks," in which web sites with malicious code use search-optimization tricks to rank at the top of search results. A user who clicks on a malicious search result is sent to a web site that shows a fake screen and a fake malware scan, after which it tells the user that the computer is infected.