Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

[MacRumors]

Earlier this month, a new malware threat known as "MACDefender" popped up, targeting Mac OS X users with requests to install an application claiming to be an antivirus program. The malware has continued to be a problem for many users, showing up with regularity under several different variants.

ZDNet's Ed Bott has been looking into the issue, and while some may dismiss his claims due to his position covering Microsoft for the publication, he has uncovered some interesting information in speaking with an anonymous AppleCare representative about the situation. According to the representative, Apple has been dealing with significant call volumes about the issue, claiming that over 50% of calls last week were about the malware.

There's usually about 600 or so of us spread around 14 centers for CPU support. Before this started happening, we had 7-12 minutes between calls generally. Now we're lucky to have any time between calls.

We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender.

The representative noted that AppleCare's official policies prevent them from assisting customers with malware issues, as the company does not wish to set expectations that they will be able to do so consistently going forward, instead recommending that customers look into antivirus software. Some representatives have, however, reportedly been quietly helping out customers as their superiors look the other way.

In a follow-up article responding to claims that his initial report was fabricated and the issue overblown, Bott documents his examination of Apple's support forums, where he found over 200 threads from users trying to remove the malware from their systems, far higher than any previous incident. And while the malware requires that users grant explicit authorization for the software to be installed, Bott argues that there are clearly significant numbers of relatively less savvy users who are taking the bait.

Finally, Bott today published the actual AppleCare internal support document about MACDefender, where it is revealed that the issue has been categorized as "Issue/Investigation In Progress" and outlining the procedures to be used by support representatives when dealing with customers calling in about the issue. Essentially, users who have not yet installed the malware are instructed to quit the installer and delete the download, while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution.

Article Link: Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

 

[Cheffy Dave]

NEVER allow anything to be installed YOU DIDN'T SPECIFICALLY REQUEST IN ADVANCE! EVAH!!!!!

 

[ggg05a]

Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

 

[Vol7ron]

NEVER allow anything to be installed YOU DIDN'T SPECIFICALLY REQUEST IN ADVANCE! EVAH!!!!!

lol, we can't do that....after all, that would be the sensible thing to do.....

 

[Eddyisgreat]

I can already hear the pitter patter of trolls running towards the forums shouting "hear ye hear ye! death to the mac hath finally cometh with this new super virus that's quite unstoppable!"

 

[paulypants]

Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.

 

[Gemütlichkeit]

I don't want idiots clogging up the line

 

[ciTiger]

I supposed it is to be expected that with the number of Mac users greatly increasing the virus and alike would begin to target the OS more often...

 

[dagamer34]

Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

What happened to the average Mac user being educated?

I think you aren't aware of what the average "new Mac" users level of education is.

 

[Cameron Hood]

Duh....

it's unfortunate that this is happening to us, finally, but it's NOT like it can't be avoided. Just don't install anything you didn't specifically request, as has already been suggested. Is that a difficult thing to comprehend?



Cheers,
Cameron

 

[DCstewieG]

Where's the update for the built-in anti-virus/malware in Snow Leopard? Isn't this the easy answer?

 

[hexonxonx]

I wonder what types of sites these people are visiting to get these popups. I have not seen one of these popups yet.

 

[Elijahg]

I downloaded this to have a look at the package. The download shows up as an ad on websites, and tricks people by saying their Mac has a virus. It doesn't auto download, you do have to click "download", making it seem more official. The unsuspecting user then downloads and installs, which obviously installs the trojan too. I had a look at the application package, and it has lots of references to purchasing something or other which I assume to be an upgrade to "remove" the viruses it "found". I guess you enter your credit card details, which get sent off to wherever for someone to sap out some money.

 

[GFLPraxis]

It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac.

Expect waves of people proclaiming that Macs have viruses too, etc etc, when this is actually just crapware that the user has to install.

 

[mobilehavoc]

A few more of these type of events and Apple loses one of its chief marketing strategies for the Mac.

 

[Aduntu]

What happened to the average Mac user being educated?

I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.

Macs have appealed to less than tech savvy users for quite some time. "It just works" isn't a tagline for those with exceptional tech skills.

 

[ChrisTX]

This tried to install on my MacBook Pro last night and I immediately cancelled and deleted the file ASAP!
And for the record I got this after clicking on a link from Yahoo! News.

 

[goobot]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Stupid people like this shouldn't even use a computer.

 

[Aduntu]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Stupid people like this shouldn't even use a computer.

Yes, that's it. Because educating people is never the answer.

 

[nastymrx]

Those damn malware creators causes me lots of work. Damn you!.
Anyway, the poor bastards installing unknown software should learn, now!.

 

[dj-anon]

Can apple update XProtect to detect this?

 

[charlituna]

There are three things happening in these articles.

1. Reports that calls are up about this and malware in general.

Likely true

2. Reports that Apple Care reps are being told they are not allowed to offer any support on this matter.

Also likely true

3. Implications that Apple is wrong to be refusing to 'support' this issue and is obligated to do so.

Not true. This is user damage and if you bothered to read your warranty and AppleCare you would know that it is not covered. Nor is this any different than any other 3rd party support by AppleCare (which is zero). Nor different than customer support from any other OEM company for malware (which is also zero).

As for the 'investigating', Apple is always investigating everything. In this case it is to make sure that there are no holes in the system to let this thing in unawares. And perhaps to find a way to block it (and similar) via a security update with a big red flag that says (best read in a Sam Jackson voice) "this could be **** that will f up your system, are you really sure Mo Fo that you want to install it" or even better update Safari to block the pop up.

 

[mack pro]

It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac.

Expect waves of people proclaiming that Macs have viruses too, etc etc, when this is actually just crapware that the user has to install.

Crapware as you call it is just as bad as a virus especially when your userbase is as ignorant as Apples.

 

[Stella]

"while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution."

Leave the user to find their own solution.

Doesn't sound very Apple like.

 

[mypants]

Poisoned ads

I wonder what types of sites these people are visiting to get these popups. I have not seen one of these popups yet.

My browser got hit with this twice. Once from FARK (I think) and another time from another "Mac news" site that I regularly go to.
Both sites use ad services to serve up their ads.
Somehow this "Mac Defender" and also "Mac Protector" showed up with the normal ads.

So it was not simply bad neighborhoods. The poisoned ads had somehow infected the ad servers.

I can't recall if simply loading the page caused the browser hijack or if you had to roll over the ad, but regardless, it was pretty startling and rather impressive.

I don't think you will get to either of them again as the ad services have removed them. I also don't understand recommendations for AV software. There is no AV software that will do anything about this until it is far too late. AV software can't protect you from social engineering tricks.