Apple issued a security update on Tuesday to address persistent attacks that are taking aim at Mac users with a fake antivirus program.
The update removes known versions of the “scareware” program, which is known as MacDefender. The update also adds detection capabilities to Apple’ s built-in malware monitoring feature to try to stop users from downloading the fake program in the first place. If the updated software sees an attack, it will cause a pop-up warning with a big red stop sign and white exclamation point.
The update is available for only the most recent 10.6 versions of the Mac OS X computer and server operating systems. Users can get the update immediately by clicking on the Apple icon on the top left of their screen and selecting “Software Update.”
Apple said in an advisory that its removal and blocking tools will be updated daily to catch any new versions of the scareware.
And it looks like it will need to. Within hours of issuing its security update, a new version of MacDefender was spotted that evaded the new defenses, ZDNet reported. And antivirus company F-Secure said it was seeing a “significant” attack on American and British users of
Facebook that was able to hit both Macs and Windows PCs. The Facebook attack was spreading virally using the site’s “Like” feature and lures users with a promise of salacious videos, including of Dominique Strauss-Khan’s alleged rape attempt.
MacDefender has been targeting Mac users for the last month using malicious Web pages. These pages use tactics that are commonly used by the online-marketing industry and malicious attackers alike. The most recent versions of the program have been able to install on Macs without users needing to enter their password, a layer of defense that helped slow earlier versions.
MacDefender attempts to trick people into thinking their computer is infected with a virus and then tries to sell them security software, which is also fake. Mac users are pressured to supply their credit-card numbers and pay for licenses that cost $60 to $80. Apple provides instructions on how to manually remove the scareware on another page on its Web site.
The spate of attacks has started debate about whether things are now bad enough that Mac users need to use antivirus software. Macs are theoretically as vulnerable to malware as other computers, but a smaller marketshare has long made going after the machines less fruitful and interesting for attackers. However, the rising popularity of Macs and other Apple products could be changing that.
“Apple is losing its security-by-obscurity luster,” said Paul Henry, principle at consultancy vNet Security and a security and forensic analyst for Lumension Security.
It helps that Apple provides its own antivirus protection, though its tool has been very basic to date. A number of companies offer security software for Macs. F-Secure sells a product for 32 euros a year ($46), Mac specialist Intego charges $50 and Sophos provides a free product.
