Apple owns up to malware attacks and promises fix – soon

Somewhat belatedly, perhaps, Apple has admitted that its OS X operating system is being targeted by the MacDefender fake security software, and is taking steps to combat it.

The company posted a new support document last night, promising a new software update.

“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender ‘anti-virus’ software to solve the issue,” says the document.

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.”

The malware, known as MacDefender, MacProtector or MacSecurity, poses as an anti-virus program. It aims to persuade users that they have an infection and to get them to pay up to remove it.

Most users appear to be becoming infected through malicious pages appearing in Google Image searches.

But Apple has been widely criticized for offering too little, too late. Sophos security researcher Chester Wisniewski, for example, queries why Apple doesn’t recommend that its users run an anti-virus program – like the free one offered by Sophos.

And issuing an OS X update is all very well, but it’s a slow process – and one which would be hard to repeat every time if Mac malware starts to proliferate.