Apple may have conquered the Mac Defender malware with an official support page and a promise to wipe out the problem through a software update, but that's not stopping malware authors from fighting back.
A new type of fake antivirus software called Mac Guard has emerged, and unlike Mac Defender, it doesn't need a password to install. The malware is otherwise similar to its predecessor, showing up on poisoned Web pages that use search engine optimization to try to reach the top of search results.
Mac Guard opens a Web page masquerading as a warning screen in OS X, telling users that they must install antivirus software to remove trojans. If Safari's "Open 'safe' files after downloading" option is checked, the installation process begins automatically, although the user can still back out at that point. Once installed, the malware shows fake threat warnings and opens pornographic websites. It's all a scam to scare users into handing over credit card numbers for antivirus software that doesn't exist.
There's a message implicit in Apple's support page and upcoming patch for Mac Defender: This is a single security threat, and we can handle it. But as Mac Guard demonstrates, the response sets a precedent that could be difficult to maintain. A software update may repel Mac Defender and its variants, but I'd be shocked if future malware attacks didn't require a fresh response.
Can Apple continue to address every high-profile malware attack on a case-by-case basis, or will malware like Mac Defender and Mac Guard force Apple to act like Microsoft, creating a full-blown security center to address attacks? That would be an overreaction now, but it may be inevitable if Apple can't stomp out each individual fire with a security patch.