There’s no defense for popularity.

I was going to title this post with something a bit more ‘Apple’ but the real problem with malware is popularity.

Recently Apple had to fight off a rather annoying malware attack from an application called Mac Defender that masqueraded as a useful utility for Apple’s OS X. Users duped into installing the fake application were rewarded with unwanted content and a security breach of private files on the machine. Many sites grumbled that Apple’s fix took 3 weeks to deliver, leaving users who weren’t savvy exposed as victims for that time period.

Last night I started getting pings from news sites on the web that a fresh deployment of MacDefender was hitting OS X users under the slightly different name “MacGuard”. Along with the name change, the new malware seems to have found a loophole in the installer options that allows it to self-install without even needing to trick the user into clicking anything. Clearly Apple will need a better response time than 3 weeks on this new version of the malware.


From early reports, if you are not surfing the web as an administrator the malware cannot install itself without prompting for the administrator password, which should help slow down the spread. Sadly OS X’s default account is the administrator account, so it’s rather common for users to be surfing the web as the administrator.

“Unlike the previous variants of this fake antivirus, no administrator’s password is required to install this program. Since any user can install software in the Applications folder, a password is not needed. This package installs an application – the downloader – named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user’s Mac, so no traces of the original installer are left behind.”

Let’s be clear, however, that savvy users saw this coming, and it was really only a matter of time before the popularity of OS X became a problem. Now that it’s worthwhile to go after OS X users, expect it to happen, and take every precaution you can. Hopefully Apple’s next update won’t take too long.