Apple Security Update Adds Daily Check of Malicious Software + Removes MACDefender Trojan Malware
Today, Apple released a security update, ahead of the planned Mac OS X 10.6.8 update, to address the MACDefender scam. It also adds a daily download check of malicious software definitions.
Apple Security Update 2011-003 notes:
“The OSX.MacDefender.A definition has been added to the malware check within File Quarantine… Remove the MacDefender malware if detected.”
Snow Leopard 10.6.7 only. No restart needed. Downloaded and installed in ten seconds on a 2011 MacBook Pro.
Automatic Daily Check of Malicious Software
The security update adds a new daily check of known malicious software for Snow Leopard. Apple notes:
“Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.”
The setting can be changed in System Preferences / Security.
MACDefender Trojan / Malware (Not Virus)
MACDefender is a form of scareware trojan that has targeted Windows for a long time. Recently it was made for OS X. It’s not a virus, as it cannot replicate and install by itself. Instead, the user has to be tricked into installing it.
Variants: MACDefender, MacSecurity, MacProtector. They are all malware pretending to be a virus scanner or anti-virus software. Don’t install them!
How the trojan functions:
- The user visits a malicious web site.
- The malicious or compromised web site carrying the payload shows a fake virus scan page (last image) and downloads an installer.
- Depending on the browser setting, the installer may auto-launch (for those without this security update).
- The user has to click to install the trojan malware, which pretends to be anti-virus software.
- Once installed, the trojan asks the user for credit card information to remove non-existent viruses.
That’s quite a few steps to trick the user into installing the malware. Fortunately, Apple’s new security update makes it harder for people to actually install the malware against common sense, and removes the malware if already installed.
Images: The first three are the legitimate security update from Apple. The last two are the MACDefender malware variant.