Apple responds to fake antivirus attacks

Apple on Wednesday updated the malware engine included with Snow Leopard to detect the newest version of MacDefender, the fake antivirus program that’s plagued users for the last month.

The update was the latest in what researchers have called a cat-and-mouse game between Apple and the cyber criminals shilling bogus security software.

Apple updated XProtect, the bare bones anti-malware tool tucked into Mac OS X 10.6, aka Snow Leopard, shortly after 2 p.m. PT Wednesday, to detect what the company tagged as “OSX.MacDefender.C.”

Related story – For stability and performance Snow Leopard is the cat’s meow

Today, French security company Intego and U.K.-based Sophos confirmed that yesterday’s update by Apple successfully warns users when they download the latest variant of MacDefender.

That variant appeared early Wednesday, Pacific time, when the gang responsible for MacDefender rushed out a new edition that evaded detection.

Apple initially updated Snow Leopard on Tuesday with signatures to sniff out two previous versions of the “scareware” and to provide users a tool that scrubbed infected Macs of the phony software.

Also called “rogueware,” scareware is bogus security software that claims a computer is heavily infected with worms, viruses, Trojan horses and the like. Once installed, the worthless program nags users with pervasive pop-ups and fake alerts until they fork over a fee. MacDefender, the first scareware to target Macs, demands $60 to $80 to stop bothering victims.

Related story – Mac OS X update debunks security myth

Intego first reported MacDefender in early May, but since then several variants have appeared, all with different names but only minor code changes. The most recent title of the scare is “MacGuard,” which is delivered via a downloader that installs without requiring a user’s administrator password.

Researchers had wondered how quickly Apple would react to the new variant, and applauded Apple’s pace. But one warned that Apple had a tough row to hoe.

“If the bad guys can continually mutate the download, XProtect will not detect it,” Chet Wisniewski, a security researcher with Sophos, noted in a blog post today.

Wisniewski also said that the scareware group was outsourcing its attacks by paying criminal affiliates to distribute MacDefender and its ilk. [They’re] recruit[ing] other people to perform black-hat SEO [search engine optimization], infect Web pages and post blog spam, and assign each one a unique affiliate ID,” said Wisniewski. “This allows the criminals to track which affiliate referred the victim and pay them a commission upon purchase of the fake software, enabling the criminals to cast a much wider net.”

Because Snow Leopard’s XProtect component pings Apple’s servers only once each day, and because not every Mac reaches out for signature updates simultaneously, some users may have received the MacDefender.C fingerprint while others have not.

To manually force an update, users can clear the box marked “Automatically update safe downloads list” in the Security section of their Mac’s Preferences, then check the box again.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg’s RSS feed . His e-mail address is [email protected] .

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs