OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

MacDefender variants slip past security software

Published June 3rd, 2011 at 7:27 AM EDT , modified June 4th, 2011 at 9:02 AM EDT

More and more reports of new variants of MacProtector, including one now called MacShield, are circulating the internet.  Some of them appear to have been modified just enough to be able to slip past some anti-virus (AV) software.  Although AV software is constantly being updated to catch these new variants, it’s a game of catch-up.

It is important for Mac users to do two things.  First is to be vigilant.  If you get alerts about viruses, don’t panic.  That’s just what these hackers want you to do.  Do not run the installer, if it is downloaded, and if it runs, don’t click the Install button.  As long as you don’t do that, you’re not infected.

Second, if it slipped past AV software, submit the installer to AV vendors so they can more quickly update their definitions.  I highly recommend submitting to the ClamAV project, which is a volunteer project and thus needs everyone’s assistance.  Make sure to include the text “macosx” (no spaces) in the description so that the Mac folks can find those submissions among the floods of Windows malware that get submitted every day.

Tags: , , , , , ,

This post is more than 90 days old and has been locked. No further comments are allowed.