New variant of Mac Defender circumvents latest OS X security update within hours

Wed, Jun 1, 2011


Apple yesterday released a small security update for OS X Snow Leopard that addresses the Mac Defender malware that’s been making so many waves as of late. Particularly worrisome is that Mac Defender masquerades as an elegantly designed anti-malware program and that the latest variant no longer needs a user to type in their admin password in order to install.

But just hours after Apple issued its security update came a new variant of Mac Defender which circumvents the security measures implemented by Apple.

ZDNet reports:

Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released.

There is no reason to be overly concerned, however, as Apple’s recent security update is able to update its definitions itself, so it can react quickly and, ideally, counteract new malware and new variants of existing malware.

Apple maintains a list of known malicious software that is used during the safe download check to determine if a file contains malicious software. The list is stored locally, and with Security Update 2011-003 is updated daily by a background process.
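The following is an added illustration, not code from the article or from Apple: a small defender-side checker modelled on the mechanism just described, a locally stored list of known-bad file identities plus a freshness check for the daily background update. The plist key names (`Description`, `Matches`, `MatchType`, `Identity`, `LastModification`, `Version`), the sample bytes and the dates are assumptions constructed for the example, not Apple's real definition format.

```python
import hashlib
import plistlib
from datetime import datetime, timedelta

# Constructed sample in the shape of a locally stored definition list.
# Assumption: each entry carries a Description and a list of Matches whose
# Identity is the SHA-1 digest of a known-bad file. No real malware hash is
# used; the Identity below is simply the SHA-1 of SAMPLE_BYTES.
SAMPLE_BYTES = b"not a real installer, just constructed test data\n"
DEFINITIONS = [
    {
        "Description": "OSX.MacDefender.A (constructed entry)",
        "Matches": [
            {"MatchType": "Match", "Identity": hashlib.sha1(SAMPLE_BYTES).digest()}
        ],
    }
]
# Constructed metadata for the list; a daily updater should keep this fresh.
META = {"LastModification": datetime(2011, 6, 1, 0, 0), "Version": 3}


def dump_definitions(definitions) -> bytes:
    """Serialise the definition list as an XML plist (bytes become <data>)."""
    return plistlib.dumps(definitions)


def load_definitions(plist_bytes: bytes):
    """Parse a definition list from plist bytes (XML or binary)."""
    return plistlib.loads(plist_bytes)


def definitions_are_stale(meta: dict, now: datetime, max_age=timedelta(days=1)) -> bool:
    """True when the list is older than the expected daily refresh interval."""
    return now - meta["LastModification"] > max_age


def scan_bytes(data: bytes, definitions) -> list:
    """Return the Description of every entry whose SHA-1 identity matches data."""
    digest = hashlib.sha1(data).digest()
    hits = []
    for entry in definitions:
        for match in entry.get("Matches", []):
            if match.get("MatchType") == "Match" and match.get("Identity") == digest:
                hits.append(entry["Description"])
    return hits


if __name__ == "__main__":
    # Round-trip the list through plist serialisation, then scan the sample.
    defs = load_definitions(dump_definitions(DEFINITIONS))
    print("stale:", definitions_are_stale(META, datetime(2011, 6, 3, 0, 0)))
    print("hits:", scan_bytes(SAMPLE_BYTES, defs))
```

A hash-only match is exactly what a re-packaged variant such as the one described above sidesteps, which is why the freshness check matters as much as the match itself.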

Still, the current Mac Defender malware should be in play for a short while and given how quickly the folks behind the malware skirted around Apple’s protections, it doesn’t seem that they have any intention of giving up anytime soon.
