Apple OS X update targets latest malware

According to security researcher Brian Krebs, in its most recent advisory, Apple said that if MacDefender scareware is found, the system will quit the malware, delete any persistent files, and correct any modifications made to configuration or login files.

Then, says Apple, after MacDefender is identified and removed, a warning message will be displayed the next time an administrator account logs in.

Krebs reports that the update also adds malware definitions to warn users away from downloading MacDefender, and sets the computer to check daily for updates to the malware definition list.

"Mac users who apply this update and later try to download a version of this malware via Safari, iChat or Mail should see a warning note", he says in his latest security blog.

The former Washington Post security writer says that he is glad that Apple has released this update, although he thinks they probably waited too long to do so.

The Softpedia newswire has also given the thumbs up to the update, noting that the security update contains three patches for the client and server versions of Mac OS X 10.6 Snow Leopard.

"First and foremost, the update adds the OSX.MacDefender.A malware check definition within File Quarantine. The second tweak, also within File Quarantine, automatically updates the known malware definitions", says the newswire.

"This is an important change for Apple and OS X users, as it marks the first time Apple has given the xprotect.plist file the ability to update itself with new malware definitions", the newswire adds.

According to Amit Klein, CTO of browser security specialist Trusteer, meanwhile, the Mac has never been more secure than Windows – it is just that it has been attacked less frequently by malware authors.

"This situation – as witnessed by the arrival of MacDefender – is slowly changing. We are seeing more attack tools for the Mac OS being released. If this continues, the risk of using a Mac could become similar to the risk of using a PC", he said.

"It's important to note that the relative insecurity of a computing platform is purely based on the amount of effort cybercriminals are willing to put into developing malware that attacks it", he added.

Klein went on to say that, if darkware like MacDefender keeps appearing – as seems quite likely – then sales of Apple Macs to users looking for a 'less insecure' computing platform than Windows are likely to fall.

This, he explained, makes it imperative that Apple addresses the problem of malware rapidly and decisively – something that Microsoft failed to back in the late 1980s and 1990s, when worms and malware were still in their infancy.

"Our research at Trusteer confirms what many have suspected in the industry for some time, namely that fraudsters are becoming more sophisticated in their use of social engineering tactics", he said.

"They also keep coming up with creative new ways to convince people to surrender their personal information and payment card data, which puts money at risk. Mac users need to join their Windows cousins in understanding the need to be safe online and exercise extreme caution when surfing the Internet", he added.

What’s Hot on Infosecurity Magazine?