Alex Zaharov-Reutt
Thursday, 26 May 2011 10:56
Evil malware writers have tweaked the MacDefender Trojan to no longer need a password for installation if a Mac user is running the default administrator account, finally popping the bubble of invulnerability that Mac users have enjoyed, and that MacDailyNews savaged me over a few years ago.
Back in 2006, I warned that one day, Mac users would see their bubble of invulnerability go 'pop'. MacDailyNews savaged me over it. However, that day has come, despite the fact that Apple is working hard to update Mac OS X, as it states in its blog post on 'how to avoid or remove MacDefender malware'.
Y'see, according to security company Intego, which sells a Mac anti-malware product, the newest version of the MacDefender malware, now known as MacGuard, doesn't need an administrator password to install for most "standard" users.
Intego says in its post that: 'Unlike the previous variants of this fake antivirus, no administrator's password is required to install this program. Since any user with an administrator's account - the default if there is just one user on a Mac - can install software in the Applications folder, a password is not needed. This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.'
Intego's post then goes on to explain that it's at this point that the actual MacGuard malware is downloaded and installed, and that SEO poisoning is helping the malware writers to position their rogue installer on pages that Mac users are likely to visit due to news events around the world.
Neither malware variant needed any action to download, either - you just needed to be at the wrong page at the wrong time for Safari to start downloading something you never intended to download.
Now, we did see famed Apple baiter, fellow technology journalist and also MacDailyNews target John Dvorak go a bit overboard in his article 'The Apple Attack Begins', and given his status as a confirmed Apple baiter, this is no surprise.
However, it is no excuse for Mr Dvorak to not actually do some research. He basically claimed there wasn't much in the area of Mac security software, which is patently untrue.
Mr Dvorak even talked about the AVG installation he has on his PC and its ability to tell him when links on web pages are potentially dangerous, and basically lamented the lack of such a capability on the Mac.
Of course, a simple Google search would have indicated to Mr Dvorak that AVG does indeed offer its Linkscanner software for Macs, and even offers it free of charge.
But hey, let's not let the facts get in the way of a good anti-Apple story.