Apple strikes back with update blocking new scareware
'The cat and mouse game has begun'
Apple has updated Mac OS X to detect a piece of scareware that managed to bypass its malware-blocking measures.
As previously reported, a variant of a rogue antivirus package known as MacDefender was introduced on Tuesday that evaded the malware protection feature built into the latest version of the Mac operating system. In a series of events that closely mimics those in the Windows world, the variant was introduced just hours after Apple had added a malware signature designed to stop downloads of the malicious program.
"The cat and mouse game has begun," Mac antivirus provider Intego wrote in a blog post published on Thursday. "We will be following this closely, and testing all new variants as they appear. The people behind this malware have shown that they can react very quickly, and Apple has reacted rapidly as well."
Mac OS X System Preferences > Security > General: better safe than sorry
The latest update is specifically designed to detect a file called mdInstall.pkg, which installs MacDefender.C. Like similarly named programs such as MacGuard, the programs get installed after Mac users are tricked into believing their machines are riddled with infections. The ruse works by presenting people surfing Google Images, Facebook, and other sites with images depicting an antivirus scan on a Mac hard drive. Inevitably, the scan falsely claims that the users' machines are compromised and urges the rogue antivirus package be installed immediately.
The update protecting against the latest variant will automatically be installed on Macs running the latest version of Mac OS X that are configured to do so. To turn on automatic updating, go to System Preferences > Security, and select the General tab. Then make sure there is a check mark next to "Automatically update safe downloads list." ®
Sponsored: Becoming a Pragmatic Security Leader