Apple fesses up to MacDefender malware; ships removal tool

Faced with the embarrassment of an aggressive scareware (fake antivirus) campaign against Mac users, Apple today shipped a definition update to its File Quarantine feature to block the MacDefender threat.

Today's Security Update 2011-003 follows scathing criticism of the company's response to the threat and provides further confirmation that there is a clear and present malware threat to the Mac OS X ecosystem.

The File Quarantine update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7.

An advisory from Apple identifies the threat as OSX.MacDefender.A.

The File Quarantine feature has also been beefed up to automatically check for updated malware definitions and apply these updates when necessary.

"The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the "Automatically update safe downloads list" checkbox in Security Preferences," Apple explained.

For Mac users who already fell victim to the MacDefender scam, Apple shipped a malware removal tool to handle post-infection clean up.

The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed.

The MacDefender scam has used social engineering lures associated with Bin Laden's death to spread.  There are multiple variants in circulation, according to anti-malware experts tracking the threat.

Talkback

34 comments
  • Too much ado about little thing

    http://www.zdnet.com/tb/1-97919-1892375
    DDERSSS
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @denisrs

      If it was just a "little thing", Apple wouldn't have released an update / removal tool.

      They would have continued to shrug it off and/or deny its existence as they tried to do originally.

      The fact that Apple has acknowledged this is an issue, means the religious fanbois have to acknowledge it, too.

      (awwww :( )
      SonofaSailor
      • RE: Apple fesses up to MacDefender malware; ships removal tool

        @SonofaSailor Touché
        ItsTheBottomLine
      • Message has been deleted.

        TheMacDaddyOSX
      • The MacDaddyOSX - how about a wake-up call.

        Apple released several MEGA or MONSTER patches for OSX yearly. SL was a fix for Leopard which was actually far worse in its problems than Vista but there is not a legion of anti-Apple people, zealots that is, to propagate. My God, the OS would lose any amount of data sent with any drop in connection when first released. If you were transferring 10GB to a share and lose connection? GONE. Permanently.
        That is just factual history. The sign of an OS that I would never use. Leopard was so half baked the rush to get out SL was on before it was released. And they wanted to catch up to Windows and finally have a full 64 bit OS since MS had one for several years prior.

        But back to the MEGA patches. You never bothered to see what they fixed? Hundreds per year were to fix holes in the OS, many of which were of the variety of taking control of the OS remotely. Go ahead, look through them and tell me you don't find fixes for code that would allow an attacker to take control.
        Because nobody bothered, OSX is secure? It makes those holes and other crap code that is fixed relentlessly with band-aids on top of band-aids on top of band-aids etc etc. disappear?
        Speaking of noobs.
        Your "OOOHHHHH BIG DEAL" shouts zealot, so we know the answer to "pick a side" you fall on.
        Apple fanatics are friggin cry babies.

        Jobs took advantage of the Open Darwin team to steal code and to the point they flat out quit, and you think he won't give it you up the arse?
        LOL. Keep on living in your little world dude. It fits you well.
        xuniL_z
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @denisrs : Must not have been a little thing with the number of support calls Apple got about this. Remember. You have many novices who have never even seen any malware before [they were probably hyperventilating or fainted when it happened].
      Gis Bun
      • There is no data about quantity of calls; Microsoft Report's 'source' is ..

        @Gis Bun: .. is not source for that.
        DDERSSS
      • RE: Apple fesses up to MacDefender malware; ships removal tool

        @Gis Bun

        Hey Bunz,

        Being a level 3 support technician for both OSX and Windows, I can tell you that I am an advanced user who has never seen any malware/spyware/viruses/trojans on OSX. I've seen thousands on Windows of course, but not one on a Mac...hmmmmm. Oh and remember, we have many n00bs out there spreading lies about a "threat" to OSX. Would you happen to know any of them? Please let me know if you find any of these confused individuals and I'll explain reality to them.
        TheMacDaddyOSX
      • The MacDaddy OSX I can tell you, as a senior level support engineer...

        That I get more calls from the OSX groups that are not running Windows, which are very very few and far in between, wanting to know why they can't run the software and have the privilege to work outside the "box" like the Windows users can and how can I help them do so.
        OSX is a locked down, locked in nightmare. If you are happy with a consumer product that is limited in its abilities just like any other consumer electronic toy, then good for you.
        But as for the real world, Macs are very hard to find and when you do, they are almost always running Windows.
        hmmmm?
        Now go blow it out your a** for all of your pathetic condescending replies to those of us who know what's really going on. You may report back to Father Jobs now with your daily reports, shill.
        xuniL_z
    • Message has been deleted.

      james347
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @denisrs Before OS X, and before Windows 95, Apple's System / Mac OS had more of a virus problem than the Amiga, Atari ST or IBM PC platforms.

      Between '88 and '92, we had to remove roughly 10 times as many viruses from Apple Macs as we did from MS-DOS and Windows machines.
      wright_is
  • a day late

    and a dollar short.
    rtk
  • RE: Apple fesses up to MacDefender malware; ships removal tool

    Even after all this, the Mac bloggers are still silent over the issue. Not once did they advise on the malware and how to remove it. I wonder how much worse this could have been had others not picked up the slack.
    The one and only, Cylon Centurion
    • Sleeping Centurion

      @Cylon Centurion

      lol - what do you read Mac blogs? If you did you would see they were much more accurate on this trojan. And how to remove it if you were silly enough to install it. Maybe you missed it because you were looking for a windows list to remove a virus - but this was as simple as 'quit & move to trash'.

      Mac bloggers weren't denying a trojan was in the wild. It's what the 3rd in the last 10 years or so I think? No they weren't buying into the doom n gloom 'viruses have hit mac' ZD take though.

      So stay drowsy & keep enjoying windows - I'm happy you do. Not being sarcastic either - if you like windows GREAT! Computers, OS & software are simply tools to get a job done. So it's great you've found something that works for you :)
      stuff6
      • stuff@ times come and go. It's all social engineering at this point.

        From poster wright_is in a post above:
        "Between '88 and '92, we had to remove roughly 10 times as many viruses from Apple Macs as we did from MS-DOS and Windows machines."
        Then when Windows left the Mac far behind on its way to over a billion users around the globe, of course they became the #1 target. What most Apple users confuse is that because of that, Windows was less secure than a Mac. If you look at exploit patches in just the last 5 years, you'd see that OS X has patched hundreds more holes that were exploitable, many remotely, than has been needed for NT.
        Yet, due to its dominating presence and social engineering working best on a billion vs. a few million, Windows has been the target, even with fewer holes to take advantage of.

        Now perhaps the tide is turning back, we can only wait and see but the fact of the matter is when a system has exploitable holes, it just does. Because they are not targeted does not make that OS safer, not in the long run. Someone could come out with the "NO Name OS" scabbed together by some hacks with absolutely no security in the design, wide open to attack, but since "NO Name OS" only has .0000001% of the market, nobody is going to bother with it, even though it's the most vulnerable.
        I'm not saying you fall into this category, but why can't most Mac users understand this very basic and simple truth when it comes to OS X vs Windows? NT 6.x is the most secure OS on the market right now according to many security professionals including one from the Apple camp.
        But it's not perfect, as no OS ever can be, and its much fewer possible attack vectors are simply hammered on by the vast majority of hackers/criminals/terrorists. Simple as that, because...ummm....the over billion users....ya know.

        ;)
        xuniL_z
      • Wow, if an Apple user hears the truth, they immediately have it flagged....

        the cult has drank from the Apple kool-aid so much and so often that the truth hits them like a hard slap in the face and they can't take it, so they pretend it's not true.
        After all, Father Jobs would never betray them. He has led them and taught them how to think and act and believe for so long they have no concept or reality.
        OMG. It really is true.
        LOL!!!!
        xuniL_z
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @Cylon Centurion

      Funny, TUAW had a blog post about it, how to remove it, and it was mentioned in at least 2 podcasts.
      itguy08
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @Cylon Centurion

      TUAW and MacRumors were on it. ZDnet's O'Grady and Morgenstern were silent.
      Lester Young
    • RE: Apple fesses up to MacDefender malware; ships removal tool

      @Cylon Centurion

      So, what is it? Are you clueless? Or a [new] Troll.

      Of course, you might not be new, here. I just don't check in here at ZDNet all that often - unlike some of the several apparent MS Shills and obvious Apple Haters.

      Silent? Silent?

      HELLO?
      brian ansorge