Feeds

Apple strikes back with update blocking new scareware

'The cat and mouse game has begun'

Security for virtualized datacentres

Apple has updated Mac OS X to detect a piece of scareware that managed to bypass its malware-blocking measures.

As previously reported, a variant of a rogue antivirus package known as MacDefender was introduced on Tuesday that evaded the malware protection feature built into the latest version of the Mac operating system. In a series of events that closely mimics those in the Windows world, the variant was introduced just hours after Apple had added a malware signature designed to stop downloads of the malicious program.

"The cat and mouse game has begun," Mac antivirus provider Intego wrote in a blog post published on Thursday. "We will be following this closely, and testing all new variants as they appear. The people behind this malware have shown that they can react very quickly, and Apple has reacted rapidly as well."

Mac OS X Security preferences pane

Mac OS X System Preferences > Security > General: better safe than sorry

The latest update is specifically designed to detect a file called mdInstall.pkg, which installs MacDefender.C. Like similarly named programs such as MacGuard, the programs get installed after Mac users are tricked into believing their machines are riddled with infections. The ruse works by presenting people surfing Google Images, Facebook, and other sites with images depicting an antivirus scan on a Mac hard drive. Inevitably, the scan falsely claims that the users' machines are compromised and urges the rogue antivirus package be installed immediately.

Apple added the MacDefender definitions on Tuesday, following widely scattered evidence that the social engineering attacks were achieving their intended result.

The update protecting against the latest variant will automatically be installed on Macs running the latest version of Mac OS X that are configured to do so. To turn on automatic updating, go to System Preferences > Security, and select the General tab. Then make sure there is a check mark next to "Automatically update safe downloads list." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.