Apple fix on MacDefender malware circumvented
By Chris Taylor
02/06/2011
Apple's efforts to detect and remove a rogue trojan have been thwarted just hours after the first update was applied.
The MacDefender malware and its variants encourage Apple Mac users to install MacGuard, a malicious application that deceives users into thinking it is legitimate anti-virus security software.
Yesterday Apple released a patch to fix the vulnerability; however, it seems the malware developers are intent on giving Apple a headache, as a new variant was released within eight hours of the fix.
With many industry experts now calling this a game of cat and mouse, it is hoped that IT security workers will review and utilise their patch management software to make sure that they get the latest protection for their firms against the attack.
Chester Wisniewski, senior security adviser at Sophos, said that the "daily updates are a good start" but acknowledged that there are other ways for the mdinstall.pkg trojan file to enter a user's system.
"The biggest problem is the lack of an on-access scanning component. While LSQuarantine [the fix] works to protect against downloads in most browsers, it doesn't prevent infections through USB drives, BitTorrent downloads and other applications," he said.
The Enquirer revealed that the specific details behind the threat are financially motivated, explaining that: "Users are offered an option to download fake anti-virus software most commonly known as MacDefender for around $80, by putting in their credit card details."