Does Apple have what it takes to tackle 'Mac Defender' malware?


A new Trojan has arrived for Mac OS X, and some reports have blamed it for contributing to a spike of malware infections. It is called "Mac Defender," and one of its newer versions exploits JavaScript to download itself automatically when the user clicks on an image on a malware-laden site.

As reported by CNET, the following then took place:

"A warning pops up saying something like, suspicious activity has been detected on the machine, or Apple Web Security has detected malware on the machine and is offering to remove it. Clicking 'ok' launches what looks like a scan of the machine and then you are told that the machine is infected."

This trickery culminates in a request for the administrator password to "remove" the alleged malware infection. Unfortunately, keying in the password will install the Trojan proper, which will proceed to harass the user for credit card information.

I gave my opinion that the Mac isn't more secure when I wrote about the results of Pwn2Own 2010 early last year. At that time, I ended my commentary with: "Don't give your passwords to anyone; don't click on strange links or run files from unknown origin. And yes, stop believing that the Mac is more secure." However, what caught my interest this time wasn't the fact that there's new Mac malware out there, but how poorly Apple (NASDAQ: AAPL) seems to be handling it.

It is no secret that the sales folks from Apple have never been shy about counting the security aspects of Mac OS X as one of its selling points. The irony is that Apple's IT department mandates the use of Norton Antivirus on its machines, and the Apple store itself does sell several antivirus products.

So it's unfortunate that internal support instructions sent out from Apple in response to Mac Defender instruct Apple Store Geniuses to neither confirm nor deny the presence of any malware, nor attempt to fix the problem. But is Apple doing its customers a grave disservice by refusing to acknowledge the possible presence of malware, or at least to recommend that they purchase the antivirus products it has ready stocks of, because doing so would be tantamount to admitting to the presence of a malware infection?

In his report on this matter, Ed Bott of ZDNet made a comparison to how Microsoft (NASDAQ: MSFT) handles malware infections, noting that Microsoft's computer safety team is available via a toll-free number for computer virus and other security-related support 24 hours a day in the United States and in Canada--which applies to software purchased either at retail or as part of a new PC.

I suppose prominent security researcher Charles Miller summed it up best when he told Ars Technica: "The difference is that there simply isn't that much malware written for it. The bad guys have focused all their energy at Windows, which makes up the vast majority of the computers out there. However, as market share for Macs continues to inch up, that equation is going to change and bad guys will begin to focus in on Macs, if that hasn't already started to happen. And as I mentioned above, Macs are no more inherently secure than Windows, so when the bad guys decide to go after them with gusto, it'll get ugly fast."

The question is: Did Apple just prove that it isn't ready for the bad guys? - Paul Mah (Twitter @paulmah)