The MacDefender malware has been playing havoc with unwitting Mac users for the last month or so and last week Apple acknowledged its existence and promised a security update to OS X. The good news is that Apple have now shipped the promised update and MacDefender removal tool.
Security Update 2011-003 does three very specific things:
- The OSX.MacDefender.A definition has been added to the malware check within File Quarantine. Information on File Quarantine is available in this Knowledge Base article: http://support.apple.com/kb/HT3662
- The system will check daily for updates to the File Quarantine malware definition list. An opt-out capability is provided via the “Automatically update safe downloads list” checkbox in Security Preferences. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651
- The installation process for this update will search for and remove known variants of the MacDefender malware. If a known variant was detected and removed, the user will be notified via an alert after the update is installed. Additional information is available in this Knowledge Base article: http://support.apple.com/kb/HT4651
Mac users were getting infected by MacDefender when they were redirected from legitimate websites to fake websites which told them that their Mac was infected with a virus. The user is then offered the MacDefender “anti-virus” software to solve the issue. Of course, this “anti-virus” software is in fact malware trying to get credit card information. The most common names for this malware are MacDefender, MacProtector and MacSecurity.