Apple Releases Update to Detect and Delete MacDefender ‘Scareware’: UPDATE
Yesterday, Apple released an update for Snow Leopard to detect and warn useres if they have installed a fake Mac security software called MacDefender. The term ‘Scareware’ basically means that the software will plague users with popups and alerts warning them that their computer is infested with trojans, worms and other malware. To get rid of these popups users have to fork over $60 to $80 to purchase the registered version of the useless software.
The update, labelled 2011-003, adds a new definition to the rudimentary virus detection engine embedded in Snow Leopard, and also increases the requency with which it checks for definition updates to daily. This brings the total tally of antivirus definitions on the Mac AV engine to 6.
This update was only offered to users running OS X 10.6 aka Snow Leopard. Macs powered by the older 10.5 Leopard OS will not recieve the same anti-MacDefender protection. Users can download the update from the apple website or update their system using the regular ‘Software Update’.
The people responsible for the fake Mac security software has already updated their “scareware” to evade defenses Apple put in place late Tuesday, a French security company Intego confirmed today. “Apple’s [antivirus] did not detect the new sample,” said Peter James, a spokesman for Intego. According to James, the new malware file is identified as “mdinstall.pkg” and if installed, plants the phony MacDefender software on the victim’s Mac.
Intego confirmed that the scammers had created a new version that wasn’t detected by Apple’s new defenses. “This isn’t surprising, that there’s a new variant out almost as soon as Apple released its security update Tuesday,” said James. “[The attackers] are following the news, they’re efficient.”