The timing of the newest version's release suggested that Microsoft, which previously with a group responsible for a fast-spreading Windows fake antivirus scam, was on the right track. Microsoft had pointed to evidence that the gang was based in Russia.

"It suggests that they're not in the States," said James, noting that Apple updated Snow Leopard around 6 p.m. ET Tuesday, or midnight in France, where Intego is headquartered, and about 2 a.m. Wednesday in Moscow.

"They would have had a full day to get this up," James said of the new version's appearance in the early evening today, Moscow time. "It makes more sense that they're on this side of the Atlantic."

Apple's update was offered only to customers running Snow Leopard; Macs powered by the older Mac OS X 10.5, known as Leopard, will not receive the same anti-MacDefender protections.

According to Web metrics company Net Applications, nearly a third of Mac users -- 31% to be exact -- run a version of Mac OS other than Snow Leopard.