New, More Dangerous Mac Defender Variant Arises

Apple has finally responded to the Mac Defender malware that has infected a number of Mac users, but while Apple took considerable time before it took any action, the malware writer did not: he already has a new variant available that is more dangerous than the original.

The new malware has a new name for its fake antivirus component: MacGuard. Previously, two variants of Mac Defender were dubbed Mac Security and Mac Protector.

Intego, which identified the first version of the malware, discovered the new variant via a poisoned Google search early Wednesday morning. The new variant is split into two parts.

The first part is a downloader program which is installed into the user’s Applications folder. Assuming the end user is an administrator of the Mac (and, just as with Windows, most people are, as most computers have only one user with the default account being an administrator), the installer will open automatically. It won't ask for an administrator password. Intego said:

“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.”

The downloader then downloads and installs the second portion, which operates in the same manner as the original fake antivirus Mac Defender.
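A triage check for the install behaviour described above, as an added example that is not from Intego, Apple or the original article: it lists entries in an Applications folder whose names match the names reported here (avRunner, MacGuard, Mac Defender, Mac Security, Mac Protector) and reports whether the current user can write to that folder without elevation. The exact bundle file names and the `.app` suffix handling are assumptions; a match is a lead to investigate, not proof of infection.

```shell
#!/bin/sh
# Names come from the article; how they appear on disk (spacing, case,
# ".app" suffix) is an assumption, so names are normalized before comparing.
SUSPECT_NAMES="avrunner macguard macdefender macsecurity macprotector"

# normalize "Mac Guard.APP" -> "macguard"
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ' | sed 's/\.app$//'
}

# Print every entry in directory $1 whose normalized name is on the list.
scan_apps() {
    dir=$1
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue          # empty or missing directory
        name=$(normalize "$(basename "$entry")")
        for suspect in $SUSPECT_NAMES; do
            if [ "$name" = "$suspect" ]; then
                printf '%s\n' "$entry"
            fi
        done
    done
    return 0
}

# Succeeds when the current user can drop files into $1 with no password
# prompt, which is the condition the new variant relies on.
writable_without_elevation() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Stand-alone use: sh triage.sh /Applications
if [ "$#" -gt 0 ]; then
    if writable_without_elevation "$1"; then
        echo "note: $1 is writable by $(id -un) without a password"
    fi
    scan_apps "$1"
fi
```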

The thought is that the changes sidestep portions of Apple's support note on Mac Defender, where the company says: “In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password.”

The fact that no password is required simplifies the install and potentially makes it more dangerous, said Ed Bott of ZDNet. Still, if a potential victim cancels the install, they will be OK. It has finally begun: Mac OS X is being targeted by malware writers "in quantity."

It makes one laugh at those Mac vs. PC ads that said the Mac wasn't vulnerable to malware (below), not because the ads were humorous, but because they were, simply stated, wrong.

Via: ZDNet
Comments
omegadraco 3 years ago

This does not surprise me at all with the popularity of Apple products. Judging by the commercial posted they were asking for it as well. Apple users are getting a taste of the rogueware/scareware that is rampant through the internet.

inspector 3 years ago

The more population Apple gets, the more viruses it will have, such as with Windows.

Also I agree with draco :P, they are asking for it. LOL

Drake_McNasty 3 years ago

I like that Apple took its sweet time and didn't do anything about the virus until the developer had come out with a second more powerful version. This should knock the smug crapple users off of their high horse. I heard a rumor that this is going to be the year of Mac viruses, I guess it's becoming true.

kid007 3 years ago

Stay out of the porn sites and you won't get a virus :)

Der Meister 3 years ago

^porn sites are the safest imo... My girl friend got the mac defender virus from a travel website....lol 

Inspector 3 years ago

[quote user="Der Meister"]

^porn sites are the safest imo... My girl friend got the mac defender virus from a travel website....lol 

[/quote]

LOL, all sorts of websites out there are a danger, you just have to be careful and ready for them. There's really no way of telling which site has a virus or not before you visit them, unless of course it has happened to others before and has been reported or news has spread around of it. Be careful and well equipped :D is all anyone can say.

realneil 3 years ago

'Sophos Anti-Virus for Mac Home Edition' is free to download and it works. If you use a Mac, and you're feeling just a little less Ick! 'immune' Ick! after reading this story, you can do a search for it and get it for nothing. I used it on my Mac for over a year before I sold it and it works.

CDeeter 3 years ago

I wondered how long Apple would be able to deny this one even existed. Talk about having your head in the sand, sheesh. lol

realneil 3 years ago

[quote user="CDeeter"]I wondered how long Apple would be able to deny this one even existed.[/quote]

Their first reaction was to ignore the problem, at least to public inquiries concerning it. But they were working on a solution to the problem in the background all along. They've either just released a fix for it, or they're going to soon.

I think that their problem is mainly with keeping their customers informed from the outset. Not even addressing the situation from the start (to the point of telling their in store 'Geniuses' not to help infected customers remove it) while working on a 'fix' to correct it in the background is not good communication skills and an indicator of how they view their customer base.

It sucks.

CDeeter 3 years ago

Yeah it's a really lousy way to treat your customer base. I hope they learn soon that they cannot get away with just saying everything's fine in Apple land. The time has come for Apple to educate their users about how to deal with malware, instead of telling them to not worry about it.

To continue to do so would have to be considered almost criminal, as in making fraudulent statements concerning the abilities of their products.

rrplay 3 years ago

Maybe from Apple's point of view it's really good to have their loyal customers simply bring it in to the Apple Store $$ to have an expert explain it to them $$ this way the iSheep can always return with more $$

Seems that treating your customer base very poorly seems to be the norm these days, and as long as there is a blatant lack of consumer rights it will continue.
