MacShield variant bypasses Mac OS X detection

A few hours after Apple released detection for MacDefender in Mac OS X, the virus writers posted a new variant of the fake software that evades the Apple detection functionality.

Whilst visiting a compromised website, users will see a fake virus scan occurring within their web browser, as is typical of all variants. The JavaScript then downloads an installer package, mdinstall.pkg, which automatically expands and runs an intermediate file (mdDownloader) that downloads a MacDefender variant called MacShield to the Applications folder.

ProtectMac AntiVirus customers are protected against these threats: OSX.MacDefender, Trojan-Downloader.OSX.Fav.A.

To prevent downloaded archives and files from being opened automatically, it is recommended that you disable the ‘Open “safe” files after downloading’ option in your General Safari preferences.
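As an added example (not from the original post or from ProtectMac), the shell triage below looks for the file names mentioned above and reports the Safari setting. The search locations, the `MacShield*` name pattern and the `AutoOpenSafeDownloads` preference key are assumptions that the post does not state.

```shell
#!/bin/sh
# Added example: look for the artifact names mentioned in this post and
# report Safari's auto-open setting. Pass "/" for the live system, or the
# mount point of a disk image to inspect it offline.

# Print every path under ROOT whose name matches mdinstall.pkg,
# mdDownloader* or MacShield* (case-insensitive).
# Assumption: standard layout (Applications, Users/<name>/Downloads).
find_macshield_artifacts() {
    root="${1:-/}"
    root="${root%/}"
    for dir in "$root/Applications" "$root"/Users/*/Downloads "$root"/Users/*/Applications; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 2 \( -iname 'mdinstall.pkg' \
            -o -iname 'mdDownloader*' -o -iname 'MacShield*' \) -print 2>/dev/null
    done
}

# Map the value printed by `defaults read` to a state. Anything other
# than an explicit boolean is reported as unknown rather than guessed.
safari_auto_open_state() {
    case "$1" in
        0|false|NO)  echo disabled ;;
        1|true|YES)  echo enabled ;;
        *)           echo unknown ;;
    esac
}

report() {
    hits=$(find_macshield_artifacts "$1")
    if [ -n "$hits" ]; then
        printf 'Possible MacDefender/MacShield artifacts:\n%s\n' "$hits"
    else
        echo "No artifact names from the post found under $1"
    fi
    # `defaults` exists only on Mac OS X; the key name is an assumption here.
    if command -v defaults >/dev/null 2>&1; then
        val=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
        echo "Safari auto-open of \"safe\" files: $(safari_auto_open_state "$val")"
    fi
}

# Runs only when a root directory is given, e.g.: sh triage.sh /
if [ $# -gt 0 ]; then report "$1"; fi
```

A match on a file name is a lead for further inspection, not proof of infection, and a renamed variant will not be found this way.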
