A new version of MacDefender has been found, hours after a Mac OS X security update that would supposedly fix the problem was issued. Let the cat and mouse fight begin!
The new variant of MacDefender, which started making its rounds a few hours ago, works and is distributed identically to previous versions of the malware: unsuspecting users are redirected to an ill-intentioned website that claims that the Mac is infected. From there, the malware ironically disguises itself as an anti-malware tool. The only difference is that this new version completely gets around the Security Update that Apple released yesterday.
Yesterday, we speculated that Apple would have a hard time managing the emerging threats that are hitting the Mac platform in more volume than ever before. After the apparent success of MacDefender, there’s no wonder hackers are likely looking at Mac OS X, as well as many of its users who never had to deal with this kind of threats before, as a great target with huge potential.
Windows users have had to deal with malware almost ever since the platform’s inception. Even most novice users of said platform understand the basics of keeping an anti-virus up-to-date and installing the newest Windows security patches. There’s a whole education process that Apple and anti-malware makers will have to initiate in order to make Mac OS X users more aware of malware threats and how to stay protected from them.
Apple has so far been handling security the Apple way: no fuss and no user interference. That’s the reasoning behind the company’s latest security update, which essentially turns Mac OS X’s safe file filter into a full-fledged anti-malware program, capable of automatically downloading virus definitions from Apple’s servers on a daily basis. That’s a good first step towards fixing the problem, but Apple will have to learn to take action more swiftly to stop new threats as they arise. Critical security threats must be patched within hours, not weeks, and Apple must be more open about it’s progress when developing critical fixes. As Macs move further and further into the business space, IT managers must be confident that the platform isn’t going to break down at any moment from a security breach or a malware epidemic.
Users should use common sense when downloading files. Remember that no proper virus scan can be done through a browser, and if some application inexplicably shows up on your system, you most likely shouldn’t type in your credit card if it requests it. If you haven’t already, download Security Update 2011-003. Some security is always better than no security.