Free Republic

Mac malware authors release a new, more dangerous version
ZDNet ^ | May 25, 2011, 12:05pm PDT | By Ed Bott

Posted on 05/26/2011 2:21:53 AM PDT by Swordmaker

Summary

Apple finally responded to the Mac Defender outbreak, with a technical note containing removal instructions and the promise of a removal tool. Within hours, the bad guys had released a new version of their malware. This one doesn’t require that you enter an administrator’s password.

Yesterday, 25 days after the Mac Defender malware began to appear in the wild, Apple finally responded. In a technical support note, “How to avoid or remove Mac Defender malware,” the company posted instructions for users to follow if they’ve encountered this malware specimen in the wild. It also promised a security update to remove infections automatically.

File that memo under “Too little, too late.”

Within 12 hours of Apple’s announcement, the author of the original Mac Defender program had a new variant available that renders key portions of the current Mac Defender prevention plan obsolete.

A security researcher for Intego, the Mac-centric security company that identified the original Mac Defender, found the first example of this new code via a poisoned Google search very early this morning.

Several factors make this specimen different. For starters, it has a new name: MacGuard. That’s not surprising, given that the original program already had at least three names. But this one is divided into two separate parts.

The first part, a downloader program, installs in the user’s Applications folder. If you’re an administrator on your Mac (and most people are, given that the overwhelming majority of Macs have only one user and the default account in that scenario is an administrator), the installer will open automatically. All you have to do is click Continue to begin the installation.

Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user with an administrator’s account – the default if there is just one user on a Mac – can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.

The downloader portion then installs the second part, which is similar to the original Mac Defender.

The new architecture seems to be a specific response to Apple’s instructions in the Mac Defender security note: “In some cases, your browser may automatically download and launch the installer for this malicious software. If this happens, cancel the installation process; do not enter your administrator password.”

In this new variation, no password is required as long as you’re logged in using an administrator account. That might lull a potential victim into thinking they’re safe.

I know a lot of Apple users who breathed a sigh of relief yesterday, thinking that Apple’s belated response finally means that the problem is over. As any computer security researcher will tell you, this arms race is just getting started.

Apple appears to be treating this outbreak as if it were a single incident that won’t be repeated. They seriously underestimate the bad guys, who are not idiots. Peter James, an Intego spokesperson, told me his company’s analysts were “impressed by the quality of the original version.” The quick response to Apple’s move suggests they are capable of churning out new releases at Internet speeds, adapting their software and their tactics as their target—Apple—tries to put up new roadblocks.

If Apple plans to play Whack-a-Mole with these guys, they’re in for months of misery. Just ask any Windows security expert who was around in 2003 and 2004 when Microsoft was learning a similar painful lesson. If each reaction from Apple takes two or three weeks, the bad guys will make a small fortune and Mac users can count on significant pain and anguish.

If you’ve run across this new variation in the wild, let me know. I’ll have my eyes open and plan to report back if I find anything.
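The password-free install described above comes down to ordinary Unix permissions on the Applications folder. The script below is an added example, not code from the ZDNet article, Intego or Apple: it models the default ownership and mode of /Applications on Mac OS X (owner root, group admin, drwxrwxr-x) against a constructed administrator account and a constructed Standard User, shows which of them can create an entry there without any authorization prompt, and can run the same check live on whatever machine it is on. The uids 501 and 502 and both sample accounts are constructed; gid 80 for admin and gid 20 for staff are the Mac OS X defaults.

```python
"""Added example (not from Ed Bott's article): why an administrator
account can install into /Applications with no password.

On Mac OS X the /Applications folder is owned by root, group 'admin'
(gid 80), mode drwxrwxr-x. Plain POSIX permission evaluation therefore
lets any member of 'admin' create entries there, which is all the
MacGuard downloader needs. A Standard User is not in 'admin' and falls
through to the 'other' bits, which carry no write permission. The two
users and the directory in scenario() are constructed; live_check()
applies the same rule to a real path on the current machine.
"""
import os
import stat
from dataclasses import dataclass

ADMIN_GID = 80  # gid of the 'admin' group on Mac OS X
STAFF_GID = 20  # gid of 'staff', the primary group of local users

_PERM_FLAGS = (
    stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
    stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
    stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH,
)
_TYPE_FLAGS = {"d": stat.S_IFDIR, "-": stat.S_IFREG, "l": stat.S_IFLNK}


@dataclass(frozen=True)
class DirInfo:
    mode: int  # st_mode: file type plus permission bits
    uid: int
    gid: int


@dataclass(frozen=True)
class UserInfo:
    uid: int
    gids: frozenset  # every group the user belongs to, primary included


def parse_mode(text: str) -> int:
    """Turn an 'ls -ld' string such as 'drwxrwxr-x' into st_mode bits.

    's' or 't' in an execute slot counts as execute set; 'S'/'T' do not.
    The setuid/setgid/sticky bits themselves are not modelled.
    """
    if len(text) != 10:
        raise ValueError("expected a 10-character mode string like drwxrwxr-x")
    bits = _TYPE_FLAGS[text[0]]
    for ch, flag in zip(text[1:], _PERM_FLAGS):
        if ch in "rwxst":
            bits |= flag
    return bits


def can_create_entry(d: DirInfo, u: UserInfo) -> bool:
    """True if u can create a file inside directory d under POSIX rules.

    Creating an entry needs write AND search (execute) permission on the
    directory. Exactly one class of bits applies: owner, else group, else
    other. root bypasses the check. ACLs ('ls -le' on OS X) are ignored
    here and can widen or narrow the real answer.
    """
    if u.uid == 0:
        return True
    if u.uid == d.uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.gid in u.gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return d.mode & need == need


def is_admin(u: UserInfo) -> bool:
    """Administrator on Mac OS X means membership in the 'admin' group."""
    return ADMIN_GID in u.gids


def live_check(path: str = "/Applications") -> bool:
    """Apply the same rule to a real directory for the current process's user."""
    st = os.stat(path)
    me = UserInfo(os.getuid(), frozenset(os.getgroups()) | {os.getgid()})
    return can_create_entry(DirInfo(st.st_mode, st.st_uid, st.st_gid), me)


def scenario() -> dict:
    """Constructed default /Applications with an admin and a Standard User."""
    applications = DirInfo(parse_mode("drwxrwxr-x"), uid=0, gid=ADMIN_GID)
    admin_user = UserInfo(uid=501, gids=frozenset({STAFF_GID, ADMIN_GID}))
    standard_user = UserInfo(uid=502, gids=frozenset({STAFF_GID}))
    return {
        "admin": can_create_entry(applications, admin_user),
        "standard": can_create_entry(applications, standard_user),
    }


if __name__ == "__main__":
    for who, ok in scenario().items():
        print(f"{who:8s} user can drop an app into /Applications unprompted: {ok}")
    if os.path.isdir("/Applications"):
        print("this account, live:", live_check())
```

Run as the account you use every day: if the live check prints True, a downloader like avRunner can land in /Applications with nothing more than a click on Continue, which is the case for a single-account Mac where that account is an administrator. A Standard User gets False, which is the point of keeping a separate admin account for the rare occasions that need one.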


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: mac; malware
To: Swordmaker

The question begets: why is Windows more popular than Macs?


41 posted on 05/26/2011 1:51:57 PM PDT by Jonty30

To: Swordmaker

Thanks.


42 posted on 05/26/2011 1:59:09 PM PDT by brytlea (If you don't know what APOD is you'd better find out!)

To: Jonty30
If you want a computer that works without a hitch, Mac is probably a better computer. However, if you’re looking for the most varied amount of software, it’s not necessarily the best choice.

Did you not pay attention to what I just told you? The Mac can run MORE software than your PCs can. . . natively. Why do you think web developers are choosing the Mac for their platform of choice?

43 posted on 05/26/2011 2:03:51 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: Swordmaker

It might be able to do so, but there aren’t as many choices out there as far as I know.

What are the stats of the number of home computers running Mac and how many are running Windows?


44 posted on 05/26/2011 2:22:35 PM PDT by Jonty30

To: Swordmaker

Thanks Swordmaker!


45 posted on 05/26/2011 5:12:14 PM PDT by SunkenCiv (Thanks Cincinna for this link -- http://www.friendsofitamar.org)

To: Jonty30

“The question begets: why is Windows more popular than Macs?”

Because MS does not make computers.


46 posted on 05/26/2011 5:48:45 PM PDT by Leonard210 (Tagline? We don't need no stinkin' tagline.)

To: Jonty30; antiRepublicrat; dayglored
It might be able to do so, but there aren’t as many choices out there as far as I know.

What are the stats of the number of home computers running Mac and how many are running Windows?

You really DON'T pay attention, do you? I just got through telling you that with a Mac you can choose ALL of the Mac OSX catalog of software and then you can also choose ALL of the UNIX catalog of software, and then you can choose ALL of the Linux catalog of software, and then, Jonty, you can choose ALL of the WINDOWS 95, 98, XP, Vista, and 7 catalog of software! And Jonty? You can, if you wish, run all of that simultaneously and natively as separate instances on the same machine...even an iMac can do it. If you add in the iOS catalog which is developed on the Mac and will run on it, then that adds a catalog of 500,000 more apps!

You cannot say that a computer that runs all the choices of your computer and THEN more of its own, and hundreds of thousands of other Apps from other OSes, that will run natively on the Mac (!) has fewer choices than yours.

The stats you request are irrelevant. . . especially when you are arguing quality, unless you want to claim a Ford F-150 pickup truck is the best quality automobile on the market in the United States in 2010? It certainly was the best selling. I'd argue that any model Lincoln would run rings around the Ford pickup in quality standards... but the quantity would be considerably fewer.

Similarly, millions of kindergartners turn out artwork every year... There is literally a glut on the market of such paintings... probably outnumbering the Windows computers in use in the world. There is also a lot of art created by Grand Masters that is much higher in quality than those efforts created by those five year olds, but the number of masterpieces is in the tens of thousands... Why aren't there more? Could it be there aren't enough grandmasters turning out masterpieces to compete with those kindergartners? Just as there is only ONE Apple Inc. producing Mac computers competing with hundreds of PC makers putting out Windows computers.

47 posted on 05/26/2011 9:45:43 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

To: Jonty30

I have a PC and antivirus etc. software. Am I protected?


48 posted on 05/27/2011 4:45:08 AM PDT by nikos1121

To: Swordmaker

***By your logic, the best restaurants must therefore be Macdonalds. . . and the best coffee must be Starbucks. Your logic that popularity defines quality fails.***

LOL!


49 posted on 05/27/2011 12:16:50 PM PDT by kitkat ( I sure HOPE that it's time for a CHANGE from Obama.)

To: Swordmaker
If you are not now running as a Standard User, here is how to set up a new Administrator user (you will always need one in OSX) and change your current user to a Standard User, which is much safer:...

Excellent advice and the best instructions I have seen anywhere.

50 posted on 05/29/2011 9:58:43 AM PDT by stripes1776

To: stripes1776
Excellent advice and the best instructions I have seen anywhere.

Thanks for the compliment... pass the instructions around to every Mac user you know.

51 posted on 05/29/2011 12:45:30 PM PDT by Swordmaker (This tag line is a Microsoft product "insult" free zone.)

