Mac OS X users have been warned to be wary of a new variation of the Mac Defender 'scareware' that is said to be more dangerous than the original infection.
According to experts at security firm Intego, MacGuard is more dangerous than Mac Defender and several earlier variants, including Mac Protector and Mac Security, because it doesn't require an administrator password to install.
The aim of the malware is the same - to persuade victims to hand over their credit card details - though the process is slightly different. Initially, visiting an infected website automatically triggers the download of a file that installs itself on your Mac.
If you have the 'Open safe files after downloading' option in Safari checked, the installation process will begin automatically and the avRunner program will be installed on your Mac. avRunner then downloads a second file package from a domain belonging to the cybercriminals behind the attack, while deleting all traces of the original installer files.

This second file is the MacGuard package, which will automatically install itself as well. It will then demand credit card details to rid your Mac of the infection.
Intego recommends unchecking the 'Open safe files after downloading' option in Safari. If you end up on any website that looks similar to Mac OS X's Finder window, you should close the browser immediately. If the Installer opens, quit it straight away, then check the Downloads folder for any unrecognised files and delete them.
Earlier this week, Apple promised an update to Mac OS X that would find and delete variants of the Mac Defender malware on a user's Mac, as well as warn them should they unwittingly try to download the file.
"In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants," Apple said in a statement.
"The update will also help protect users by providing an explicit warning if they download this malware," it continued.
Apple also outlined steps that users with infected Macs can take to remove the scareware on the Apple Support forum.
However, Chester Wisniewski of security firm Sophos questioned Apple's approach to the problem, as cybercriminals would simply create more variants to get around any defences the company puts in place.
"Are they going to develop their own anti-virus software? The fast pace with which new variants arrive requires a very different style of software development and updating than Apple is accustomed to."


Comments received
tcat47 said on Thu, 26 May 2011
Just don't install anything that says it's for security or to protect your Mac, unless it's authorised by Apple.
qjames said on Thu, 26 May 2011
Ho ho Chester Wisniewski of Sophos questions Apple's approach...really got your cage rattled hey Chester? Apple could blow the lid off the whole anti-virus (ssshhh! don't tell anyone that you don't really need this program) business model....
...here's hoping.