Undetectable MacDefender variant hits hours after Apple patch

Security companies have built their giant corporate empires over the years by playing a cat and mouse game with those who program Windows malware. It’s an endless reactive cycle where Microsoft and antivirus developers issue software patches to stop existing attacks while attempting to anticipate the next moves of cybercriminals. All too often, however, it is mere days or hours before the next threat is released into the wild.

For well over a decade, Apple has been nearly immune to this malware cat and mouse game, but with the recent emergence of MacDefender fake antivirus and a number of copycats infecting the systems of unsuspecting Mac owners, the company has now suddenly found itself playing out of necessity. And Apple’s first round of security patches to protect users didn’t hold up for long.

According to ZDNet reporter Ed Bott, new MacDefender variants were attacking systems less than 8 hours after Apple issued its security update in an attempt to quash the malware:

The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released.

On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.

The cybercriminals who are spreading MacDefender, and similar fake utilities MacProtector and MacSecurity, to Apple users seem to be relying heavily on the social engineering techniques that fooled an untold number of Windows users by promising pictures of a dead Osama Bin Laden after Navy SEALs raided the Al Qaeda leader’s compound. This one tries to lure Facebook users with a “really freaky video” of former IMF chief Dominique Strauss-Kahn attacking his alleged rape victim, a NYC hotel maid.

Security firm Sophos reports that the Strauss-Kahn trick has been used not only on Mac users but also to infect Windows users with the Troj/Mdrop-DMN Trojan horse.

As always, be wary of opening any email or social networking links, no matter how enticing they sound, and don’t rely on security software and patches to keep you safe... even if you use a Mac.
