Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 19, 2011.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]


    Earlier this month, a new malware threat known as "MACDefender" popped up, targeting Mac OS X users with requests to install an application claiming to be an antivirus program. The malware has continued to be a problem for many users, showing up with regularity under several different variants.

    ZDNet's Ed Bott has been looking into the issue, and while some may dismiss his claims due to his position covering Microsoft for the publication, he has uncovered some interesting information in speaking with an anonymous AppleCare representative about the situation. According to the representative, Apple has been dealing with significant call volumes about the issue, claiming that over 50% of calls last week were about the malware.
    The representative noted that AppleCare's official policies prevent them from assisting customers with malware issues, as the company does not wish to set expectations that they will be able to do so consistently going forward, instead recommending that customers look into antivirus software. Some representatives have, however, reportedly been quietly helping out customers as their superiors look the other way.

    In a follow-up article responding to claims that his initial report was fabricated and the issue overblown, Bott documents his examination of Apple's support forums, where he found over 200 threads from users trying to remove the malware from their systems, far higher than any previous incident. And while the malware requires that users grant explicit authorization for the software to be installed, Bott argues that there are clearly significant numbers of relatively less savvy users who are taking the bait.

    Finally, Bott today published the actual AppleCare internal support document about MACDefender, where it is revealed that the issue has been categorized as "Issue/Investigation In Progress" and outlining the procedures to be used by support representatives when dealing with customers calling in about the issue. Essentially, users who have not yet installed the malware are instructed to quit the installer and delete the download, while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution.

    Article Link: Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers
     
  2. Cheffy Dave macrumors 68030

    Cheffy Dave

    Joined:
    Feb 5, 2007
    Location:
    Sunny Florida, on the Gulf Coast in Homosassa Fl
    #2
    NEVER allow anything to be installed YOU DIDN'T SPECIFICALLY REQUEST IN ADVANCE! EVAH!!!!!:rolleyes:
     
  3. ggg05a macrumors regular

    ggg05a

    Joined:
    Jan 11, 2009
    #3
    Call me cold, but I have absolutely 0 "zero" sympathy for people who download anything they hadn't requested, had just popped up unannounced.

    What happened to the average Mac user being educated?
     
  4. Vol7ron macrumors 6502

    Vol7ron

    Joined:
    Jun 11, 2009
    Location:
    Derry, NH
    #4
    lol, we can't do that....after all, that would be the sensible thing to do.....
     
  5. Eddyisgreat macrumors 601

    Joined:
    Oct 24, 2007
    #5
    I can already hear the pitter patter of trolls running towards the forums shouting "hear ye hear ye! death to the mac hath finally cometh with this new super virus that's quite unstoppable!"
     
  6. paulypants macrumors 6502a

    paulypants

    Joined:
    Jun 17, 2003
    Location:
    Buffalo, NY
    #6
    I agree, unfortunately the rash of 'switchers' has lowered the average tech IQ of the userbase.
     
  7. Gemütlichkeit macrumors 65816

    Gemütlichkeit

    Joined:
    Nov 17, 2010
  8. ciTiger macrumors 6502a

    ciTiger

    Joined:
    Jan 25, 2011
    Location:
    Portugal (Porto)
    #8
    I supposed it is to be expected that with the number of Mac users greatly increasing the virus and alike would begin to target the OS more often...
     
  9. dagamer34 macrumors 65816

    dagamer34

    Joined:
    May 1, 2007
    Location:
    Houston, TX
    #9
    I think you aren't aware of what the average "new Mac" users level of education is.
     
  10. Cameron Hood macrumors member

    Cameron Hood

    Joined:
    Aug 1, 2010
    #10
    Duh....

    it's unfortunate that this is happening to us, finally, but it's NOT like it can't be avoided. Just don't install anything you didn't specifically request, as has already been suggested. Is that a difficult thing to comprehend?

    :confused:

    Cheers,
    Cameron
     
  11. DCstewieG macrumors member

    DCstewieG

    Joined:
    Jun 30, 2008
    Location:
    U.S.A.
    #11
    Where's the update for the built-in anti-virus/malware in Snow Leopard? Isn't this the easy answer? :confused:
     
  12. hexonxonx macrumors 601

    Joined:
    Jul 4, 2007
    Location:
    Denver Colorado
    #12
    I wonder what types of sites these people are visiting to get these popups. I have not seen one of these popups yet.
     
  13. Elijahg macrumors 6502

    Joined:
    May 23, 2005
    Location:
    Bath, UK
    #13
    I downloaded this to have a look at the package. The download shows up as an ad on websites, and tricks people by saying their Mac has a virus. It doesn't auto download, you do have to click "download", making it seem more official. The unsuspecting user then downloads and installs, which obviously installs the trojan too. I had a look at the application package, and it has lots of references to purchasing something or other which I assume to be an upgrade to "remove" the viruses it "found". I guess you enter your credit card details, which get sent off to wherever for someone to sap out some money.
     
  14. GFLPraxis macrumors 604

    GFLPraxis

    Joined:
    Mar 17, 2004
    #14
    It's somewhat ironic, in a way, that the only Mac "virus" (trojan, not virus) will only get people who manually install it because they think they need an antivirus on a Mac. :rolleyes:

    Expect waves of people proclaiming that Macs have viruses too, etc etc, when this is actually just crapware that the user has to install.
     
  15. mobilehavoc macrumors 6502

    mobilehavoc

    Joined:
    Jun 30, 2007
    #15
    A few more of these type of events and Apple loses one of its chief marketing strategies for the Mac.
     
  16. Aduntu macrumors 6502a

    Aduntu

    Joined:
    Mar 29, 2010
    #16
    Macs have appealed to less than tech savvy users for quite some time. "It just works" isn't a tagline for those with exceptional tech skills.
     
  17. ChrisTX macrumors 68030

    ChrisTX

    Joined:
    Dec 30, 2009
    Location:
    Texas
    #17
    This tried to install on my MacBook Pro last night and I immediately cancelled and deleted the file ASAP!
    And for the record I got this after clicking on a link from Yahoo! News.
     
  18. goobot macrumors 603

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #18
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

    Stupid people like this shouldn't even use a computer.
     
  19. Aduntu macrumors 6502a

    Aduntu

    Joined:
    Mar 29, 2010
    #19
    Yes, that's it. Because educating people is never the answer.
     
  20. nastymrx macrumors member

    Joined:
    Jan 6, 2011
    #20
    Those damn malware creators causes me lots of work. Damn you!.
    Anyway, the poor bastards installing unknown software should learn, now!.
     
  21. dj-anon macrumors member

    dj-anon

    Joined:
    Mar 23, 2011
  22. charlituna, May 19, 2011
    Last edited: May 19, 2011

    charlituna macrumors G3

    charlituna

    Joined:
    Jun 11, 2008
    Location:
    Los Angeles, CA
    #22
    There are three things happening in these articles.

    1. Reports that calls are up about this and malware in general.

    Likely true

    2. Reports that Apple Care reps are being told they are not allowed to offer any support on this matter.

    Also likely true

    3. Implications that Apple is wrong to be refusing to 'support' this issue and is obligated to do so.

    Not true. This is user damage and if you bothered to read your warranty and AppleCare you would know that it is not covered. Nor is this any different than any other 3rd party support by AppleCare (which is zero). Nor different than customer support from any other OEM company for malware (which is also zero).

    As for the 'investigating', Apple is always investigating everything. In this case it is to make sure that there are no holes in the system to let this thing in unawares. And perhaps to find a way to block it (and similar) via a security update with a big red flag that says (best read in a Sam Jackson voice) "this could be **** that will f up your system, are you really sure Mo Fo that you want to install it" or even better update Safari to block the pop up.
     
  23. mack pro macrumors member

    Joined:
    May 3, 2011
    #23
    Crapware as you call it is just as bad as a virus especially when your userbase is as ignorant as Apples.
     
  24. Stella macrumors G3

    Stella

    Joined:
    Apr 21, 2003
    Location:
    Canada
    #24
    "while those who have installed the software should be directed to Apple resources to learn more about malware and left to find their own antivirus solution."

    Leave the user to find their own solution.

    Doesn't sound very Apple like.
     
  25. mypants macrumors newbie

    Joined:
    Mar 21, 2011
    #25
    Poisoned ads

    My browser got hit with this twice. Once from FARK (I think) and another time from another "Mac news" site that I regularly go to.
    Both sites use ad services to serve up their ads.
    Somehow this "Mac Defender" and also "Mac Protector" showed up with the normal ads.

    So it was not simply bad neighborhoods. The poisoned ads had somehow infected the ad servers.

    I can't recall if simply loading the page caused the browser hijack or if you had to roll over the ad, but regardless, it was pretty startling and rather impressive.

    I don't think you will get to either of them again as the ad services have removed them. I also don't understand recommendations for AV software. There is no AV software that will do anything about this until it is far too late. AV software can't protect you from social engineering tricks.
     

Share This Page