Global Tech News – Apple Tries to Roll Out Trojan Protection, Only to See New Variety Pop Up

Apple, Inc. (AAPL) must be getting a taste of what it feels like for Microsoft Corp. (MSFT).  After years of relishing security through obscurity thanks to the relative unpopularity of its products, Apple is seeing sales of its personal computers rise, and with them Mac attacks.

Hackers’ best effort to date is arguably a fake antivirus program named “Mac Defender”.  Various variants of the trojan have reportedly infected one in every twenty Macs.  Reportedly, Apple’s initial response was to intentionally feign ignorance, telling its repair and support staff to ignore the virus and not tell customers about it.

Clearly such an approach was untenable, and Apple eventually relented, quietly announcing that protection was coming via an update.  That protection has arrived and it’s pretty significant.

Dubbed Security Update 2011-003, the update transforms the File Quarantine utility inside OS X 10.6 “Snow Leopard” into what is almost an in-house antimalware application, à la Microsoft Security Essentials (Microsoft’s free antivirus and antimalware suite).

The update includes definitions of known Mac Defender variants, which will allow the tool to detect and block installation of the trojan when users try to download it via web browsers, e-mail, and other common paths.  That’s not so new — Apple has updated with other malware signatures before.

What is new is a shiny new automated removal tool that goes out and tries to hunt down and remove installed versions of Mac Defender on your machine.  The tool is an example of how Apple is increasingly being forced to defend itself against malware, much to the chagrin of die-hard users and marketing folks at Apple, both of whom largely prefer to view the platform as immune to all attacks.

The system also contains improvements to the tool which streamline auto-updating of definitions.

But sadly for Apple the story doesn’t end there.  Within 8 hours of releasing the update, ZDNet discovered that a new version of Mac Defender had popped up, named “Mdinstall.pkg”, and it’s able to slide right by all of Apple’s fancy new protections.  And like newer versions of the trojan, it’s crafted to no longer prompt users for a password to install, making the process of accidentally/carelessly installing the program much more subtle.

That variant has since been killed, thanks to yet another update, but there are likely new versions popping up in the wild as you read this.  Apple has entered the “cat and mouse” game with malware writers that Microsoft has long suffered through.

Desperately trying to patch a widespread infection? Getting thwarted by pesky renamings and refactorings of malware?  It sounds like Apple has discovered what it felt like for Microsoft for all those intrusion-laden years where it was the only party with significant market share.