May 25, 2011: Just like in the Windows versions, the latest variants seen today no longer require administrative credentials. They now install into areas of the system that only require standard user privilege. In other words, the attacks no longer ask for an admin password. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases.
So, in a little over three weeks we've gone from Mac malware that required the user to enter the admin password to malware that can install without the need for the admin password.
As a Mac user, it sure doesn't feel to me like Apple's 'got me covered.' In fact, given that all we've had from Apple so far is a promise of some sort of patch that will find and remove Mac Defender, I'm beginning to feel that Apple is leaving me wide open to more and more malware. With new variants coming daily, how is Apple going to keep up? Are we going to get monthly patches? Weekly? Daily? Hourly?
Come on Apple, I need to know!
What interests me about this latest malware variant is how it abuses a usability feature of Mac OS X, namely that Safari will "Open 'safe' files after downloading" ... something that to a Windows user seems totally crazy and utterly hubristic on the part of the UI designer. While Apple might have been able to shift the blame for installing earlier Mac Defender variants onto the user by using the 'but you entered the admin password' defense, since this latest variant abuses usability compromises that Apple itself idiotically baked into the operating system, this one is Apple's fault.
This is going to get worse for Mac OS X users before it gets better.
If you're a Mac OS X user running the Safari browser (if you use another browser, the malware won't autorun, but you could still run it manually), then take a trip over to the General tab of Safari's Preferences pane and uncheck "Open 'safe' files after downloading" - Do it, DO IT NOW!
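For anyone who has to verify that checkbox on more than one Mac, here is an added shell helper (my own, not from the original post or from Apple) that audits the setting from the command line and can turn it off. It assumes the checkbox is backed by the boolean key AutoOpenSafeDownloads in the com.apple.Safari preference domain and that an absent key means Apple's factory default, which is enabled.

```shell
#!/bin/sh
# Added audit/remediation helper for Safari's "Open 'safe' files after downloading".
# Assumption: the checkbox is stored as the boolean AutoOpenSafeDownloads in the
# com.apple.Safari domain; when the key was never written, the factory default (on) applies.

PREF_DOMAIN="com.apple.Safari"
PREF_KEY="AutoOpenSafeDownloads"

# Turn a raw `defaults read` result into a verdict. The value is passed as an argument
# so the interpretation can be exercised on any host, not only on a Mac.
classify_auto_open() {
    case "$1" in
        0|false|FALSE|NO|no) echo "safe" ;;    # box already unchecked: no auto-open
        1|true|TRUE|YES|yes) echo "weak" ;;    # explicitly enabled: downloads auto-open
        ""|MISSING)          echo "weak" ;;    # never changed: factory default is enabled
        *)                   echo "unknown" ;; # NOMAC or an unexpected value: check by hand
    esac
}

# Read the live value. Prints MISSING when the key has never been written and
# NOMAC when the `defaults` tool is not available (i.e. this is not macOS).
read_auto_open() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "NOMAC"
        return 0
    fi
    defaults read "$PREF_DOMAIN" "$PREF_KEY" 2>/dev/null || echo "MISSING"
}

# Report the current user's setting; with --fix, switch auto-open off.
audit_auto_open() {
    verdict=$(classify_auto_open "$(read_auto_open)")
    echo "$PREF_DOMAIN $PREF_KEY: $verdict"
    if [ "$verdict" = "weak" ] && [ "$1" = "--fix" ]; then
        defaults write "$PREF_DOMAIN" "$PREF_KEY" -bool false
        echo "set $PREF_KEY to false; restart Safari for it to take effect"
    fi
}

audit_auto_open "$@"
```

Run it without arguments to audit, or with `--fix` to apply the same change the checkbox makes; on a non-Mac host it reports "unknown" rather than guessing.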