Hours after security update, new MacDefender variant evades it

And the cycle continues. Yes, just hours after Apple released a security update designed to smack down the recently-prevalent MacDefender malware, ZDnet's Ed Bott reports that a new variant of the bogus 'security' software has been released into the wild. This version is called "Mdinstall.pkg" and it works exactly as before, installing itself on Safari without any approval needed (as long as the default "Open 'safe' files after downloading" setting is on, which we recommend you disable). The timestamp on the file reportedly shows that it was put together as recently as last night, which means that these hackers are actively working against any defenses Apple put in place yesterday.

The security update from Apple -- so far only available for Snow Leopard 10.6.7 users, meaning that 10.5 Leopard users (not to mention 10.4 Tiger) are still vulnerable -- adds a new option in the Security preference pane, seen here. The anti-malware tool apparently checks in with Apple's servers periodically to update its definitions suite, just as you would expect it to.

So what's the solution here? Short of Apple simply removing the ability of Safari to open up files like this at all (which would of course hamper that functionality for folks who use it), the only real solution is to do what you've got to do on all computer systems subject to attacks: practice constant vigilance. It'll be interesting to see if Apple steps back up again on this one with another update (which would then incur another variant of the malware), but until then, users have to be educated and careful about what they click on in the browser.

If you're already fighting off an installation of the Mac Defender malware, be sure to check out our handy removal guide.