Updated rogue AV installs on Macs without password

[Peaches]

Updated rogue AV installs on Macs without password

A new version of rogue antivirus malware that targets the Macintosh operating system does not need victims to type in their administrator passwords to install and infect the machine, a security company said today.

The latest version of the malware has been overhauled to look like a native Mac OS X application and is using the application name MacGuard, according to an Intego blog post. But particularly concerning is the fact that unlike previous versions, which were dubbed Mac Defender, MacProtector, and MacSecurity, MacGuard installs itself without prompting for the admin password.

"If Safari's 'Open safe files after downloading' option is checked, the package will open Apple's Installer, and the user will see a standard installation screen," the antimalware company's post says. "If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch."

"Since any user with an administrator's account--the default if there is just one user on a Mac--can install software in the Applications folder, a password is not needed," Intego says. "This package installs an application--the downloader--named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original Installer are left behind."

Read full details here: http://news.cnet.com/8301-27080_3-20066174-245.html