Apple's malware detection update circumvented in 8 hours

Yesterday Apple released an update to OS X that tackles the new MacDefender malware threat and its variants, but a new variant to the malware already bypasses Apple's efforts.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

Update (June 2, 7:51am): In less than a day Apple's Snow Leopard is back in the lead with the ability to detect this new variant.

Let the cat and mouse games commence. Less than a day after Apple tackled the malware threats in OS X with an updated implementation of its malware detection technologies, the MacDefender malware developers have issued another variant that bypasses Apple's definitions to root out and remove the malware.

As described by ZDNet editor Ed Bott, the new variant comes as a download called "Mdinstall.pkg" and will run without being detected by Apple's new security implementations. It also shows that the malware developers are very actively trying to circumvent Apple's efforts; the file's time stamp shows that it was issued less than 8 hours after the security update for OS X was released.

Despite this new variant, Apple's security update will still detect and remove older variants of the malware, but as with Apple's attempt to thwart iPhone jailbreaking, the hackers are hard at work to jump over every hurdle Apple throws in their way. Apple will undoubtedly begin issuing additional updates to help identify these malware variants, and with the new security implementation set to check for definitions on a daily basis, hopefully all users will have to do is wait for Apple to issue new definitions.

New security system preferences
Changes to the new system settings may revert if the system preferences have been left open for more than 30 seconds (click for larger view).

Besides the new variant of MacDefender, a potential bug in Apple's updated security system preferences pane has been revealed that may prevent settings from being saved. Mac security firm Intego issued a new report that outlines the bug.

In the update to the security system preferences, Apple introduced an option to automatically update the safe downloads list, which performs a daily update to malware definitions if checked. Intego found that if you make changes to this setting, the system may revert them. This could be as simple as a permissions error, or it could be a problem with the coding of the new security features, but it will likely be addressed by Apple soon. This bug seems to only happen after the security preferences pane has been left open for more than 30 seconds, so you should still be able to make proper changes to settings, provided you do so and then close the system preferences in under 30 seconds.

Update (June 2, 7:51 a.m.): The cat is back in the lead. Apple has updated Snow Leopard's XProtect yet again to tackle the new variant, and did so in less than a day after the original update was circumvented. Apple is taking a very active approach to prevent this malware from being a problem for people.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.