MacDefender variants slip past security software
Published June 3rd, 2011 at 7:27 AM EDT , modified June 4th, 2011 at 9:02 AM EDT
More and more reports of new variants of MacProtector, including one now called MacShield, are circulating the internet. Some of them appear to have been modified just enough to be able to slip past some anti-virus (AV) software. Although AV software is constantly being updated to catch these new variants, it’s a game of catch-up.
It is important for Mac users to do two things. First is to be vigilant. If you get alerts about viruses, don’t panic. That’s just what these hackers want you to do. Do not run the installer, if it is downloaded, and if it runs, don’t click the Install button. As long as you don’t do that, you’re not infected.
Second, if it slipped past AV software, submit the installer to AV vendors so they can more quickly update their definitions. I highly recommend submitting to the ClamAV project, which is a volunteer project and thus needs everyone’s assistance. Make sure to include the text “macosx” (no spaces) in the description so that the Mac folks can find those submissions among the floods of Windows malware that get submitted every day.