Apple fesses up to MacDefender malware; ships removal tool

Summary: Faced with the embarrassment of an aggressive scareware (fake antivirus) campaign against Mac users, Apple today shipped a definition update to its File Quarantine feature to block the MacDefender threat.

Today's Security Update 2011-003 follows scathing criticism of the company's response to the threat and provides further confirmation that there is a clear and present malware threat to the Mac OS X ecosystem.

The File Quarantine update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.

An advisory from Apple identifies the threat as OSX.MacDefender.A.

The File Quarantine feature has also been beefed up to automatically check for known malware definitions and apply these updates when necessary.

"The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the 'Automatically update safe downloads list' checkbox in Security Preferences," Apple explained.

For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.

The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The MacDefender scam has used social engineering lures associated with Bin Laden's death to spread. There are multiple variants in circulation, according to anti-malware experts tracking the threat.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...