A report notes that malware coders have already succeeded in bypassing the initial antivirus signatures implemented with Security Update 2011-003. A new version of Mac Defender, linked to a file called Mdinstall.pkg, appears to have been intentionally crafted to go undetected by up-to-date copies of Snow Leopard. The file is even time-stamped to Tuesday at 9:24 PM Pacific time, meaning that less than eight hours elapsed before attackers managed to bypass Mac OS’ protections once again.
Although all versions of Mac Defender require people to accept installation, the new variant is among those that don’t ask for an administrator password, making it relatively easy for users who don’t apply due skepticism to become infected. Apple may be able to respond more rapidly than it did before.
However, the trouble may, ironically, be based in part on Mac OS’ relative safety, as few victims thought that software being pushed to them was coming from Apple.