Mac OS X viruses take cue from Windows malware: admin password not required any more

Posted: May 26, 2011 in Malware, News

The Mac OS X malware community is advancing fast and taking many cues from the Windows malware scene, says security firm Sophos.

Just like in the Windows versions, the latest variants seen today (OSX/FakeAvDl-A) no longer require administrative credentials. “They now install into areas of the system that only require standard user privilege. In other words, the attacks no longer ask for an admin password. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases,” Chester Wisniewski, Senior Security Advisor at Sophos Canada explained.

Apple has stated:

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.

Some key considerations for Mac users to be aware of are:

  1. The name and user interface displayed by this malware will change, so don’t rely on the name.
  2. The nature of the enticing message, however, will remain a variant of the “viruses (or Trojans, or spyware, etc) have been detected on your computer” message, followed by a request to install the cleanup software, which of course is only available for a fee.

Mac users can defend themselves from variants of this attack by:

  1. Going to Safari->Preferences->General and deselecting the “Open “Safe” files after downloading” option
  2. Installing reputable antivirus software from a trusted source
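
The checks below are an added example, not code from the original post or from Sophos or Apple. The script audits the two points a Mac user can act on: whether Safari's "Open 'safe' files after downloading" option is still on, and what sits in the per-user folders that a standard account can write to without an admin password (the kind of location the post says the newer variants now install into). It assumes Safari stores that checkbox in the com.apple.Safari preference domain under the key AutoOpenSafeDownloads (1 = on, 0 = off, unset = Safari's default of on), and it treats ~/Library/LaunchAgents and ~/Library/Application Support as representative user-writable locations.

```shell
#!/bin/sh
# Added example (not the post's own code). Audits user-level defences on a
# Mac. Assumptions: Safari keeps the "Open 'safe' files after downloading"
# checkbox under com.apple.Safari / AutoOpenSafeDownloads (1 = on, 0 = off,
# absent = on), and the folders listed below are representative locations
# that a standard user can write to without an admin password.

# Pure helper: map the raw preference value to a verdict. It only prints,
# so it can be exercised on any system, not just macOS.
classify_auto_open() {
    case "$1" in
        0) echo "hardened" ;;   # checkbox deselected, as the post advises
        1) echo "exposed"  ;;   # Safari will auto-open "safe" downloads
        *) echo "unknown"  ;;   # not macOS, or an unexpected value
    esac
}

# Read the live value on macOS. Prints "1" when the key is absent (Safari's
# default) and "unavailable" when the defaults tool does not exist here.
read_auto_open() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "unavailable"
        return 0
    fi
    defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo 1
}

# Per-user persistence locations that need no admin password to write to.
# Entries the user does not recognise deserve a closer look.
list_user_persistence() {
    for d in "$HOME/Library/LaunchAgents" "$HOME/Library/Application Support"; do
        [ -d "$d" ] || continue
        printf '== %s\n' "$d"
        ls -la "$d"
    done
}

# Run both checks and print a plain-language result.
audit_mac() {
    verdict=$(classify_auto_open "$(read_auto_open)")
    printf 'Safari auto-open of "safe" downloads: %s\n' "$verdict"
    if [ "$verdict" != "hardened" ]; then
        echo 'Recommendation: Safari -> Preferences -> General, deselect "Open \"safe\" files after downloading"'
    fi
    list_user_persistence
    return 0
}

audit_mac
```

On a Mac, run it as the user whose profile you want to check; the persistence listing is per-account, so a machine with several logins needs a run for each. The script only reads settings and directory contents, so it changes nothing.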

Finally, users of any system should be aware there is currently no legitimate antivirus or security software that alerts you through a browser that malware of any type has been detected and that security software must be installed to remove it. A modern browser may block a suspect site, but it won’t behave in this manner. This is a sure-fire attempt to scare a user into installing a malicious program. In general, if you see a suspicious warning that asks you to install software, simply close the browser, or Force Quit if you need to. NEVER click “OK,” “Cancel” or any other button or links in the window alerting you to fake infections, as that is often what starts the actual download or installation of the malware.

When Apple introduced XProtect with OS X 10.6 Snow Leopard, they added rudimentary detection of malware. In the nearly two years since its introduction, they have only updated it a few times.

Are they going to develop their own anti-virus software? The fast pace with which new variants arrive requires a very different style of software development and updating than Apple is accustomed to.
