MacDefender 'Scareware' Skirts Apple Fix
Earlier Tuesday, Apple released a security a update for Mac OS X 10.6.7, update 2011-003, that included malware detection and removal for the MacDefender phishing attack and its variants.
However, by about 9 p.m. PST, a new variant was detected, said Chester Wisniewski, a senior security advisor at U.K.-based Sophos.
"We noticed it in the U.K. and started seeing samples that were not detected in the Apple update,” Wisniewski said. “We weren't surprised because we thought it wouldn’t take the bad guys long to modify the malware.”
The malware is called “scareware” because it tries to frighten users into thinking a virus has invaded their computer, then tricks users into entering their credit card numbers to purchase fake security software.
Wisniewski said he wasn't surprised that Apple’s security update was circumvented. Apple has been targeted less than Microsoft historically and is less experienced at fighting off attacks, he said, adding that Apple is now re-evaluating its security response.
“We are seeing the re-invention of the wheel on the Apple platform for security,” he said. “Clearly the bad guys have been innovating a lot to be able to do this. They must be making money and want to make more. This is the first time criminals have really targeted Apple.
“My advise to all Mac users is to run some antivirus,” Wisniewski added.
Apple representatives could not be reached for comment Wednesday.
However, one Apple managed services provider said MacDefender does not pose a large-scale threat.
Alberto Palacios, systems engineer with Create More Inc., a San Francisco, Calif.-based MSP, said his company has received just one emergency call for help from a home user who then figured out how to remove the malware himself.
“I don’t think [MacDefender] is a big deal because, quite honestly, it’s a user-initiated issue," Palacios said. "You have to click a button that says, ‘Install this on my computer.’
"It’s malware not a virus, so it’s due to bad user behavior. I don’t think it says anything bad about Apple," he added. "We haven’t had any businesses contact us, just home users. It’s relatively easy to take care of. We had one emergency call from a client who was a home user and within five minutes he called back and said, ‘I took care of it myself.’ “