14 DAY TRIAL // Apple’s latest efforts to keep the likes of Mac Defender away from systems running Mac OS X have already been thwarted by a new variant of the malware dubbed ‘Mdinstall.pkg’, according to reports.
According to Ed Bott blogging for ZDnet, the new Mac Defender variation was deployed hours after Apple released its Security Update 2011-003.
Dubbed Mdinstall.pkg, it has been specifically designed by-pass Apple’s newly instated malware-blocking solution.
With a date and time stamp from last night at 9:24PM Pacific time, the malware has been confirmed as being present in the wild less than 8 hours after Apple launched its security update.
It behaved exactly as Mac Defender did prior to Apple’s patch, at least on systems using Safari with default settings enabled, according to the report.
It doesn’t prompt for a password and, worst of all, it completely avoids detection by the 2011-003 update and signature files.
Speaking of which, Apple’s update was specifically tasked with searching for and removing “known variants” of the MacDefender malware.
Needless to point out, Mdinstall.pkg is not a variant OS X File Quarantine is familiar with following the release of Security Update 2011-003. Had this been a known variant, users would be notified via an alert.
Apple will now have to go back to the drawing board, as the old saying goes.
However, it is no longer necessary to release a patch that users must manually download and apply. Rather, “The system will check daily for updates to the File Quarantine malware definition list,” going by Apple’s security advisory.
In other words, Apple acknowledged that the fight was on between Cupertino and those coding viruses for profits.
With a constantly growing market-share, OS X is no longer ‘immune’ to viruses, as the platform has been widely regarded so far.