Saturday, March 24, 2012

New Mac Malware on Facebook, New Mac Defender bypasses Apple fix

Originally posted 06/02/2011 on

It's been a busy couple of days in the malware world.

New Mac and PC malware reported on Facebook

F-Secure reported "a significant malware" affecting both Macs and PCs circulating on Facebook, then reported that Facebook finally blocked it. I'm not sure how significant it really was - by the time I checked the Openbook link in F-Secure's initial post there were only two examples of the bogus links popping up, and the good folks at F-Secure couldn't manage to get infected by it even though they were trying. But if you should see messages or updates with the following subjects, don't click on the links:



At 17:00 GMT the attack changed subject line to:

one more stolen home porn video ;) Rihanna and Hayden Panettiere and…

Rihanna And Hayden Panettiere !!! Private Lesbian HOT Sex Tape stolen from home archive of Rihanna! Hot Lesbian Video - Rihanna And Hayden Panettiere !!


Apple in escalating war with Mac Defender?

On Tuesday, 05-31-11, Apple released Security Update 2011-003 for Mac OS X 10.6.7 and Mac OS X 10.6.7 Server. The update warns users when they download a known variant of Mac Defender and scrubs the malware from systems that have already been infected. It also has a daily update function to download definitions of new Mac Defender variants (and presumably other malware that may pop up).

It's a good thing Apple had the foresight to make their fix upgradeable. On Wednesday, 06-01-11, a new variant of Mac Defender that bypasses the Apple fix appeared. I'm sure that by the time you read this, or no later than Friday, 06-03-11, an update will take care of the new variant, and a day or so later a 'fixed' Mac Defender will appear to bypass Apple's update. And so on, and so on, and so on. That's not a knock on Apple, it's just the way these things work. The attacked company, in this case Apple, cannot ignore the malware, and the malware authors aren't going to let Apple beat them. Not for a while, anyway.

I'm glad Apple has built a fix for the latest version of OS X, but I wonder if Mac Defender runs on earlier versions. Not just earlier versions of Snow Leopard, but Leopard and Tiger, too. There are a lot of people still using them, but Apple's just leaving them in the cold. Hopefully Apple will release a version for Leopard, at least.