Let's pretend that rather than being a massively successful technology company, Apple was actually, you know, an apple. The bright, shiny red kind the old lady down the street hands out on Halloween. It looks really delicious on the outside, but deep down inside, there's a terrible secret lurking. If Apple is an apple, Mac Defender is its hidden razor. And not even half a day after Apple finally stopped twiddling its thumbs and released a patch to combat the malware, Mac Defender's authors released a new version that's already bypassing the new protections.
Apple released Security Update 2011-003 yesterday, and Ed Bott at ZDNet reports the new Mac Defender variation showed up at 9:24 P.M. Pacific time – less than eight hours after the patch. Bott says the newest variation comes with a different name, Mdinstall.pkg, but works the same as before; it still manages to install without the user ever having to put in their administrative password. And so the vicious cycle continues.
On the plus side, the new File Quarantine definitions supplied by the patch definitely halt the older version of Mac Defender in its tracks. File Quarantine pops up when the program tries to install, clearly informing the user of its malicious intent and asking permission to move it to the trash. It's an effective fix; too bad it only worked for one afternoon.