Mac malware bypasses Apple File Quarantine in hours

Jun 1, 2011
7

Dear Apple: welcome to the malware race. Despite Apple having released a new, daily-updating antivirus system yesterday to clean out the MacDefender menace, the authors of the malware responded within hours with a new version that bypasses the OS X defenses. ZDNet reports that it took less than 8hrs from the Mac Security Update 2011-003 definitions being released to an updated MacDefender build arriving.

As before, the malware - now going by the name Mdinstall.pkg - prompts an installation without requiring an administrator password. Although Apple's security update could initially block MacDefender, with File Quarantine popping up a warning and suggesting the user shift the app to the trash, since the updated build was in the wild that no longer takes place.

Now, it's not unusual for virus authors and security experts to play a cat-and-mouse game with each other, by turns trying to infect and block, and this is certainly a situation familiar to Windows users. The method of SEO poisoning used to lure users to infected pages also has plenty of potential to be used to impact Windows machines, too; in fact it's been in use for some time. It remains to be seen how well Apple's system can scale to handle what's only likely to be a growing issue in online security.


Must Read Bits & Bytes