Apple has released security update 2011-003 to address the recent increase in malware targeting Mac OS X.
It updates the built-in XProtect program to detect the scareware variants we have seen attacking Mac users, including MacDefender, Mac Guard and Mac Security. It still appears to have the restriction of only working on files handled through the LSQuarantine library.
Once installed, it checks for updates to the XProtect list on a daily basis. This can be disabled in the Security preferences pane by unchecking the box “Automatically update safe downloads list”.
Upon installation, this update checks for existing infections of known malware and removes them from the system if present. Additional checks are performed when an administrative user logs into the system.
I did some testing this afternoon and was able to confirm that it works. Using Safari, I visited the infected site Graham mentioned from the link spreading on Facebook.
I immediately received a warning that OS X had detected OSX.MacDefender.B, and yet it prompted me with the option to open the file. This is one of the limitations of LSQuarantine, but it is very bad behavior. If you know something is malicious, don’t let people continue on infecting themselves…
More at sophos.com