AfterDawn: Tech news

Mac malware already evades scareware security update

Written by James Delahunty @ 01 Jun 2011 14:33

Mac users feel the pain of Windows users caught in the middle of a cat and mouse game with malware authors.
It only took a few hours after Apple released an update to protect Mac users against recent MacDefender scareware attacks for a new variant to show up that is immune to the current targeted protection being offered by Apple.

A sophisticated social engineering attack that targets Google search results and Facebook has led to thousands of Mac users installing scareware products under the MacDefender umbrella. The scareware, like its Windows lookalikes, prompts users with a phony list of detected threats on the machine, and tries to scam credit card and other information from the user.

Apple had promised a fix for Mac users, and delivered one on Tuesday. The OS X update detects MacDefender variants and removes them, as well as detecting them before they can be installed by the user.

However, it is being reported that within eight hours of the update going live, a new variant was already doing the rounds that is "specifically formulated" to get around the security update.

Since Macs will now automatically look for an updated list of known threats every 24 hours, Apple has the ability to respond quickly to new variants. Some speculate that this is a taste of what is to come for Apple in the near future.

On Windows, scareware / malware threats evolved over time to anticipate moves to fight them by Microsoft and dozens of security firms that offer products to fight infection. It is common for malware to utilize self-protection mechanisms, such as blocking Windows updates in any of dozens of ways, and blocking communications with anti-malware servers to stop periodic legitimate A/V updates or access to A/V software.

Tags: malware Apple

9 user comments

#1, 1.6.2011 16:29

herp derp mac never get viruses hurr durr

#2, 1.6.2011 17:58

Still, why are people idiotic enough to install it in the first place.

#3, 1.6.2011 19:40

Originally posted by 21Q:
Still, why are people idiotic enough to install it in the first place.
Lol ikr, but it's good to see the market is kind of even now. I wonder what Mac will say in their commercials now. Obviously it's not virus proof any more. I don't know if many of you remember the hacker who said that Mac security was terrible, I bet some people will be finding that article again pretty soon if this keeps up.


#4, 1.6.2011 21:15

Burn bitch burn


Carpe Noctem

#5, 1.6.2011 22:43

At least they don't have the dreaded Norton or McAfee viruses...yet...but malware has been on the Mac for a long time...AOL and iTunes to name just a couple.



#6, 2.6.2011 2:32

Originally posted by 21Q:
Still, why are people idiotic enough to install it in the first place.

More ignorant than idiotic...unless they knew it seemed a little fishy and installed it anyway. If only people would know what to stay away from, they likely wouldn't need ANY anti-malware software, no matter what their OS.

I'm still shocked that companies are allowed to legitimately advertise this type of stuff (see MyCleanPC/SpeedUpMyPC/etc....usually the same bogus thing under a different name by the same company).

#7, 2.6.2011 17:46

Originally posted by xnonsuchx:
Originally posted by 21Q:
Still, why are people idiotic enough to install it in the first place.

More ignorant than idiotic...unless they knew it seemed a little fishy and installed it anyway. If only people would know what to stay away from, they likely wouldn't need ANY anti-malware software, no matter what their OS.

I'm still shocked that companies are allowed to legitimately advertise this type of stuff (see MyCleanPC/SpeedUpMyPC/etc....usually the same bogus thing under a different name by the same company).
That's completely false. For one, I've worked in IT for nearly 10 years, and recently saw something totally new. Had a friend with a brand new iMac and his search results were getting hijacked to different pages. Click on something in Google, say MSN.com and it takes you to random porn site, or other phishing scam.

The issue wasn't in the iMac itself, instead the router! The factory firmware, which was the only available at its time, was infected with some type of redirect. Luckily for him, his router was compatible with dd-wrt and just like that, an easy fix, albeit a headache to find the issue!

In my experience I've seen machines infected by being connected to the internet for only minutes. IMO casual users still need antivirus AND anti-malware to protect their systems. Since I'm beyond a casual user, I also double-up with a software firewall.

#8, 2.6.2011 22:42

Originally posted by SProdigy:
Originally posted by xnonsuchx:
Originally posted by 21Q:
Still, why are people idiotic enough to install it in the first place.

More ignorant than idiotic...unless they knew it seemed a little fishy and installed it anyway. If only people would know what to stay away from, they likely wouldn't need ANY anti-malware software, no matter what their OS.

I'm still shocked that companies are allowed to legitimately advertise this type of stuff (see MyCleanPC/SpeedUpMyPC/etc....usually the same bogus thing under a different name by the same company).
That's completely false. For one, I've worked in IT for nearly 10 years, and recently saw something totally new. Had a friend with a brand new iMac and his search results were getting hijacked to different pages. Click on something in Google, say MSN.com and it takes you to random porn site, or other phishing scam.

The issue wasn't in the iMac itself, instead the router! The factory firmware, which was the only available at its time, was infected with some type of redirect. Luckily for him, his router was compatible with dd-wrt and just like that, an easy fix, albeit a headache to find the issue!

In my experience I've seen machines infected by being connected to the internet for only minutes. IMO casual users still need antivirus AND anti-malware to protect their systems. Since I'm beyond a casual user, I also double-up with a software firewall.

And I've worked in IT since 1993...yadda yadda yadda. Yes, it's still a good idea for most users to use anti-malware software. I was exaggerating, in that it would be highly unlikely EVERYONE could learn to completely protect themselves anyway. There are certainly a few 'best practices' everyone who does anything online should be able to learn, though, so they don't have to rely on anti-malware software to catch everything they might stumble across as many of the worst offenders even get by those protections, but likely wouldn't have even been run across if users took some basic precautions. I keep a few anti-malware programs around for occasional scans of questionable things, but never have any active protection constantly running because it's more trouble than it's worth for me.
This message has been edited since its posting. Latest edit was made on 03 Jun 2011 @ 1:08

#9, 3.6.2011 9:46

Originally posted by xnonsuchx:
And I've worked in IT since 1993...yadda yadda yadda. Yes, it's still a good idea for most users to use anti-malware software. I was exaggerating, in that it would be highly unlikely EVERYONE could learn to completely protect themselves anyway. There are certainly a few 'best practices' everyone who does anything online should be able to learn, though, so they don't have to rely on anti-malware software to catch everything they might stumble across as many of the worst offenders even get by those protections, but likely wouldn't have even been run across if users took some basic precautions. I keep a few anti-malware programs around for occasional scans of questionable things, but never have any active protection constantly running because it's more trouble than it's worth for me.
Sorry if that came across as a personal attack, it wasn't. I think what I meant was that the general population is lucky enough to know how to turn on a computer. I always assume the worst case scenario and overprotect anyone's machine I work on, at least in the home user environment, which is wide-open.

I have a particular aunt though, that I ALWAYS have to fix her machine. Between her and her two adult children, they always find a way to destroy the machine! They either turn off or uninstall the protection, ignore updates and instantly click OK while installing dubious card games and other garbage. They refuse to take my advice on any general practices and it gets irritating.

As for the office sector I worked in for a few years, I've seen just about every type of stereotypical abuse of a computer. I've seen coffee dumped on keyboards, employees who hit "print" 50 times when the printer is jammed or out of paper, others that open/close their Outlook email after reading their message (wasting tons of time), users with 1000 desktop icons that "can't find their files" and the best: a guy who made his email font the same color as the background and claimed he couldn't "type".

For the aforementioned email and web casual users, I tell them to get a Mac so a) they don't have issues and b) I don't have to waste my time fixing them!
