In an unusual move, Apple has announced that it will be releasing an update to its Mac OS X operating system that will directly detect and remove the MacDefender malware/phishing scam that has been targeting Mac OS X. Apple says the update will be available “in the coming days,” and in the meantime has posted instructions for users to manually remove MacDefender and its variants.
Although MacDefender popped up earlier this month, it’s only in the last few weeks that the scareware seems to have gained any real momentum in the Macintosh world. The MacDefender malware isn’t a worm or virus that spreads on its own between computers; instead, the scam directs Mac users to Web sites that tell them their computer is infected, and the problem can be solved by downloading specialized software—usually dubbed MacDefender, MacSecurity, or MacProtector—to solve the non-existent problem. Once users download the software, it attempts to extort users for credit card information to “fix” their computers. This sort of scareware scam is all-to-familiar to Windows users, but essentially unheard-of in the Macintosh community.
Although Apple has some rudimentary malware protection in Mac OS X—and has added new signatures from time to time—Apple’s announcement that it will be issuing an update to combat MacDefender is a significant step for the company. Although Apple routinely updates Mac OS X to include security fixes, this is the first time in recent memory Apple has updated Mac OS X to combat a specific threat “in the wild.” Apple has not announced what versions of Mac OS X it plans to update: certainly the current Mac OS X “Snow Leopard” will receive an update, but there’s no word on whether Apple will extend protection back to Mac OS X 10.5 “Leopard” or earlier.
Apple’s manual instructions for removing the malware essentially amount to using Mac OS X’s built-in Activity Monitor application to shut down processes associated with MacDefender, then deleting its files.
Macintosh users have long enjoyed the near-total absence of malware, as creators of worms, trojans, viruses, and other malware have traditionally focused on Windows due to its dominant share of the PC market. However, as Apple’s market share and profile have risen, the company and its products are now apparently beginning to attract the attention of malware writers—and years (make that decades) of relative safety may have instilled a sense of complacency amongst Macintosh users that could leave many unprepared to deal with significant malware. At least, when significant malware arrives, and MacDefender doesn’t qualify. The scareware isn’t exploiting any technical flaw in Mac OS X: it’s simply tricking users and preying upon their fears, and there isn’t platform or security program in the world that can protect solve that problem.