Apple has published a technical note regarding the MacDefender (and MacProcter and MacSecurity) fake antivirus, called How to avoid or remove Mac Defender malware. This document explains how to find and remove the fake antivirus, and Apple states that “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.”
Apple is to be commended for publishing this document, but we have two comments to make. First, this document only discusses how to remove current variants of the malware; future variants may install items in different locations, and under different names, so it will need to be updated. Second, Apple’s malware check feature is only available in Mac OS X 10.6 Snow Leopard, so users of Mac OS X 10.4 and 10.5 won’t have the protection they need.
Intego first discovered the Mac Defender fake antivirus on May 2, 2011. The company has since discovered other variants, and published a video of an early variant. Intego is monitoring the situation closely in case other variants are discovered.
