
Mac Rogue developers update Mac Guard to bypass the new Apple Security Update 2011-03


6 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts

Posted 01 June 2011 - 12:11 PM

Apple yesterday released their much anticipated security update labeled Security Update 2011-03. This update was deployed to detect and remove the Mac-FakeRean family of rogue anti-spyware programs for the Mac. These rogues currently consist of Mac Security, Mac Protector, Mac Defender, and Mac Guard. When this security update is installed and you attempt to download one of these rogues, you will receive an alert stating that the download is harmful:

"avSetup.pkg" will damage your computer. You should move it to the Trash. Safari downloaded this file today at <time> from <site>. It contains the "OSX.MacDefender.B" malware.

An image of this alert can be seen below.

Posted Image


When Apple released information about this update, it was widely said that there was no way that Apple was going to be able to update their definitions in a timely manner so that OS X would be protected against new variants as they are released. In my opinion, properly protecting a computer is the job of third-party security software that can quickly release new definitions rather than an OS-controlled definition update that must pass through what are typically much more rigorous quality control steps before it is released. This delay would provide a good window of opportunity for this infection to defraud end-users.

As part of the new security update, Apple has enabled a new option by default in the Security preferences screen labeled Automatically update safe downloads list. The safe downloads list is the definition files that OS X will use to protect the operating system from known threats. Enabling this option will allow OS X to query for new updates to the safe downloads list and automatically download it when it has become updated. Historically, Apple has not been quick to update the safe download list when new threats were released. Hopefully this will change.

Posted Image


To bypass this new update, the Mac rogue developers have already released a new version of the Mac Guard downloader. Instead of using the old installer called avSetup.pkg and the downloader app called avRunner, it instead installs a different installer called mdInstall.pkg and a download application named mdDownloader. This new version of the downloader is not detected by Security Update 2011-03 and allows the program to be easily installed.

My advice to Mac owners is to get an anti-virus software installed. These rogue programs are not going away and will only get worse.

For those who may get infected, the BleepingComputer Mac Rogue Remover tool continues to be able to remove this infection.

Updated to include new Security preferences option - 06/01/11 01:26PM EST




#2 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts

Posted 01 June 2011 - 03:25 PM

Saw this today on various tech sites. Scary stuff. :blink:
PICNIC - Problem In Chair, Not In Computer


20 Things I Learned About Browsers and the Web

#3 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,489 posts

Posted 04 June 2011 - 05:14 PM

Did you hear Avast is coming out with a new Mac antivirus and it will be FREE!!
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat on Discord too! |

#4 Grinler


Posted 04 June 2011 - 05:53 PM

That's good to hear.

#5 computerxpds


Posted 04 June 2011 - 06:06 PM

I just realized I forgot to post a link to at least the beta. Please note that this program is a pre-release beta version of a product and not completely tested to ensure its stability or reliability. Please use at your own risk.

http://forum.avast.com/index.php?topic=78646.0

I have been using Sophos for a while and will use this when a final release is made. I am glad as well to see anti-virus makers stepping up and offering more tools.

Edited by computerxpds, 04 June 2011 - 06:07 PM.


#6 keyboardNinja


Posted 04 June 2011 - 06:10 PM

Cool. :)

Thanks for sharing, computerxpds. :thumbsup:

#7 computerxpds


Posted 04 June 2011 - 06:43 PM

As always you're welcome kN!! :)