New MacDefender Defeats Apple Security Update

Last week, Apple planned to issue a software update to address a fake security program called MacDefender, which attempts to convince users to pay $80 to remove malware that doesn’t even exist on the user’s computer.

Well, Apple did release a security update on May 31st that was intended to get rid of the MacDefender malware that has been an annoyance for nearly a month. Security Update 2011-003, available for both Mac OS X 10.6.7 and Mac OS X Server 10.6.7, included a malware removal tool that searches for and removes “known variants of the MacDefender malware.”

MacDefender, aka MacProtector and MacSecurity, uses JavaScript to present simulated Mac OS X dialog windows that try to convince the user that the computer is infected. To remove the supposed infection, the user must pay money.

Apple issued a statement explaining how the new malware removal tool worked. “Files downloaded via applications such as Safari, iChat, and Mail are checked for safety at the time that they are opened. If a file is identified as containing known malware, the system will display a dialog that alerts you to move it to the Trash. You should empty the Trash to finalize the removal of the file.”

Problem solved, right? Wrong. Apparently, as Yahoo News reports, a new MacDefender variant was found to bypass Apple’s defenses. The new malware is called Mdinstall.pkg and is “specifically formulated to skate past Apple’s malware-blocking code.”

Apple’s new malware removal tool does, in fact, allow for periodic updating of “definitions,” just like typical anti-virus software, so hopefully Apple releases yet another update to fix this new issue.
