Apple Investigating 'MACDefender' Malware, Support Staff Barred From Assisting Customers

[samcraig]

Sorry, but you know just as well as I do that viruses do not appear out of thin air. It has to get on your system some how; and that is *always* due to something the user has control of.

Sorry - but clearly you're unaware of viruses that can infect your system by visiting a website that has an infected file.

Yes - the user has control over it - in the same way that a user has control over whether or not his wallet can get stolen by walking down the street. You can argue that if he didn't carry the wallet or didn't walk down the street - he wouldn't have gotten his wallet stolen.

 

[samcraig]

I purposely downloaded this to see what the big fuss was over. Firstly, it took me forever just to find a site that actually would download it without me clicking on something.

It does download by itself, and then it launches the installer. YOU HAVE TO INSTALL IT YOURSELF. Meaning I had to go through the whole installation process, type in my User Name AND Password, then launch it and click the "This program was downloaded from the internet, are you sure you want to open it" button, click Open, and THEN bam, I have a malware.

But it's easier than pie to get rid of, you can just simply delete it.

People would have to be pretty spaced-out to willingly go through all of this for something they didn't download themselves. I is still COMPLETELY 100% the users fault that they get it. But it DOES NOT install itself, it just downloads by itself and launches the installer.......which is why Mac OSX has been praised as "virus free" for years as the OS does not allow the crap to auto install, the user is the one who has to install it, and in this case, people are.

Yeah - you're conveniently missing the important element. This issue isn't how hard/easy it is to install.

People are being led to run a scan on their computer based on the fear that is "out there" that viruses exist (which they do). So, while not completely "innocent" - this virus prays on the fears that some people have to want to make sure their computer is clean.

If they are convinced they HAVE a virus or issues - of COURSE they would go through the installation process to delete such threats.

 

[ridgetop]

What do you guys think of MacKeeper? Should I uninstall?

 

[iphonepiephone]

<smug> "But... But... But... Macs don't GET viruses ^_^" </smug>

 

[GGJstudios]

What do you guys think of MacKeeper? Should I uninstall?

No. Apps like that frequently do more harm than good. Just read the Mac Virus/Malware Info link I posted and follow the recommendations in it. You'll be fine.

 

[*LTD*]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)

It's a true problem, cause you can never underestimate user stupidity.

MacOS X is going to become more of a target, not just because the installed base is growing, but because with that growth comes a large population completely clueless people. These less bright people will install malware on their Macs which will open the doors to viruses and botnets.

If OS X is or will become "more of a target", this prediction will require a helluva lot more than a new trojan every 2-3 years that people go crazy over and then forget about.

We've been hearing the "Mac is becoming more of a target" claim for nearly a decade. It isnt any more of a target than it was 5 years ago. And the pattern repeats: a trojan every couple of years. Leap-A in 2006. The iWork Trojan in 2009. And so on. If you've been around long enough you'll notice we go through this exact situation every couple of years, with promises that *now* (seriously, maybe not last time but *this* time) it's for real. THIS time the Mac has enough share; THIS time the stars are aligned just right, etc.

It isn't. One new trojan every few years does not a problem make. Certainly not an "explosion", as the headlines say, LOL.

I feel sorry for Apple, actually, because they're left to deal with more sky-is-falling PR baloney that is completely unwarranted. But everyone loves a sensational story, especially about Apple.

 

[GGJstudios]

<smug> "But... But... But... Macs don't GET viruses ^_^" </smug>

If they're running Mac OS X, they don't, since none exist. So you feel smug about being uninformed?

 

[samcraig]

Wirelessly posted (Mozilla/5.0 (iPad; U; CPU OS 4_2 like Mac OS X; en) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C134b Safari/6533.18.5)



I feel sorry for Apple, actually, because they're left to deal with more sky-is-falling PR baloney that is completely unwarranted. But everyone loves a sensational story, especially about Apple.

So you think that the Apple Rep on record was lying about the increase in call volume? That this is a non-issue? Is that right?

 

[iphonepiephone]

They don't. So you feel smug about being uninformed?

Uninformed? I hate to be a cliche, but that's kinda ironic. "Since none exist" - what, in your imagination, or do you happen to have a catalogue of ALL binary executables on every computer in the world?

I hate to shatter your evident illusion of the mighty Apple being impenetrable and flawless; even Linux, which is exponentially more secure than any Mac OS X version, has flaws and vulnerabilities. I'll get you a good bulk price on Koolade if you're interested?

I take it you know the meaning of speech marks? ---> " "

It. Was. A. Joke.

Lighten. Up.

But seriously - don't take it to heart dude, I was having a laugh, ya know, that thing that some people do, to lighten the mood a little?

 

[ChrisTX]

I've been telling my wife to stop using Yahoo for years. She constantly gets popups of all kinds navigating around Yahoo and many are clearly malware.

Yahoo is a cesspool of malware links, from my view. Never go there, never will.

The idea is this file was recieved from a source I thought was trusted. I was simply reading a news story, and clicked "next" as this popped up and tried to install itself. Regardless I deleted this file asap as I was already well aware this was out there.

 

[dj-anon]

A couple of questions mostly because my dad is waiting on delivery on a MacBook Air and he is the target audience for one of these 'malware infections'

a) This only occurs in Safari? y/n

b) Only occurs because the Safari enable 'open safe downloads' box is checked? y/n

c) I use Firefox with adblock so I never have seen this pop up. Is using this setup a fairly good method for a naive, new Mac user?

Thanks

This malware is browser independent. Turning off "open safe downloads" makes easier to ignore the malware because you then have to manually open the zip and then the mpkg file instead of the installer opening itself automatically.

As far as I know, adblock does nothing against SEO poisoning, so you want NoScript to protect you against that.

 

[iJon]

Unfortunately this will be a thorn in Apple's side unless some solution is created. Whether or not the customers are dumb for falling for it, it is still a problem.

I know ALOT of people people who have fallen for this. We can point the finger at the user but at the end of the day the issue is going to fall at Apple's feet in terms of helping users get rid of it.

Hopefully Apple will ease up and help users remove it. It takes no time at all and there are even some custom Applescripts floating around that rid the computer of it with the click of a button. Hopefully this doesn't become a common trend for our Macs.

 

[Eidorian]

Advertising money down the drain.

 

[ChazUK]

Sophos Antivirus is free. http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

Not sure if it will detect this malware yet but I have it installed on both my Hack and Mac to stop me inadvertently passing anything scrupulous to my Windows using friends.

It costs nothing (well, a little RAM and CPU cycles) so it's got to be worth it.

 

[WestonHarvey1]

Sorry, but you know just as well as I do that viruses do not appear out of thin air. It has to get on your system some how; and that is *always* due to something the user has control of.

Uh, no. Sorry, just no.

If by "something you're in control of" you mean not being connected to the internet, or even better, never powering the computer on in the first place, then you may have a point.

 

[sjp5317]

I was afraid it was only a matter of time before such things began to appear with the increasing popularity of Macs and Apple products. Thankfully OS X isn't a business system such as Windows (In popularity that is), so hackers may be less inclined to work on hacking it. However, it doesn't mean OS X is 100% safe from anything, no OS can tout such.

The only app I can recommend to help defend against such things is "Little Snitch," not for anti-virus but it keeps a good track of incoming and outgoing requests, whether you want to approve or deny them and until quitting the app or forever. Plus you can modify/add rules.

Didn't VAX/VMS tout that? They had a competition to see if anyone could hack it and if I am not mistaken no one was able to. I used to work with someone who swore by the OS. I am pretty sure he still has a couple VAX/OpenVMS servers running.

 

[casebolt12]

I'm rather surprised that any Mac user would pose as an elitist prick; that's the Linux guys' bag.

As has been said already by quite a few other posters here, to even consider Mac users as having a higher technical expertise than others is ridiculous. Macs are SPECIFICALLY marketed to those with little to no computer knowledge, and have been for decades. This is not to say that all Mac users have low technical expertise; I've meet many Mac users that know far more than I do about a variety of technical subjects, but the ratio of knowledgeable users to non, (in my experience) is far lower than when looking at the same for Windows users. Without actual data and statistics to look at, I can only say this is in my experience, and perhaps this view is suffering from skewed data based upon my experience.

This only highlights a problem with the Mac marketing scheme.

From a support perspective, as someone who works for one of the largest Universities in the US, I've seen a number of these infections come in to our walk-in services recently. Yes, users MUST supply their admin password to actually install this, and yes, many Mac users are gullible enough to do it, the same as Windows users are gullible to do the same for UAC.

"Macs don't get viruses" has been a Mac mantra for decades as well, and is one of the main driving forces behind switchers; they get viruses on their Windows machine because they are gullible, then they switch the a Mac, because, as their commercials and ads say, they don't get viruses. As others have pointed out, this is not a "virus" per se, but from the user's perspective, all malware is a virus. The common user does not understand the distinction between Virus, Adware, Spyware, Rootkits, Trojans, Worms, etc etc ad naseum. To a average user, all of these things are "viruses".

The marketing scheme Mac has used has inadvertently (or intentionally, but I'd like to hope unintentionally) driven users to adopt Macs -because- they claim not to get viruses. You tell that to an average user, and they will assume that Macs do not get malware, because they do not understand the distinction between the two.

Apple has done a disservice to their userbase by trying to increase their market share through shady marketing practices and slogans. Now that their market share has grown, and will continue to grow, we are going to see more and more of these rogue scanners and trojans start to appear on Macs.

Before now, Mac users have been pretty safe when it comes to malware, and they will probably continue to be more safe than Windows users for some time, but they are going to start getting more of this junk the larger their market share gets.

Now would be a great time for Apple to take a second look at their marketing scheme -from a user's perspective- and retract their "Macs don't get viruses" stance, or at least widely publicize a clarification on what exactly that statement is supposed to mean.

 

[igator210]

I read a lot of post describing people that get this malware as stupid and uneducated about Apple / Mac products. My dad did not install it, but it did come through his email and it is very intimating the way it pops up. He asked me about it, and I took a look at it. I can see how people would get scared and install it. I even paused a minute before I cancelled out of the install.

Now, my first computer was an Apple IIe. My dad's was a Performa model. We both have Intel iMac. Neither of us are IT people, but we've been around the Apple family for over 25 years. So, don't get all high horse and righteous in regards to people installing this malware.

 

[samcraig]

This malware is browser independent. Turning off "open safe downloads" makes easier to ignore the malware because you then have to manually open the zip and then the mpkg file instead of the installer opening itself automatically.

As far as I know, adblock does nothing against SEO poisoning, so you want NoScript to protect you against that.

Aye - there's the rub, right? The default (set by Apple) "simplifies" and yet exposes/facilitates the user to such situations because it automatically opens these files

Setting the default to off then adds "work" for the end user to have to open up the file themselves each time...

 

[fifthworld]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Stupid people like this shouldn't even use a computer.

How come you are using one then?

 

[casebolt12]

and btw, here's the KB article we have at my place of work to deal with this:

Open Spotlight - type in Activity Monitor and click to launch the application
From the list of Process Names choose MacSecurity or MACDefender(dependent on version installed)
Click on the process to Force Quit and close the application
Download and install AppCleaner from http://www.freemacsoft.net/AppCleaner
Launch AppCleaner and drag MacSecurity or MACDefender from the Applications Folder over to the Uninstall screen in AppCleaner
Click Delete
Empty Trash and Reboot. (***Note: Be sure to empty the files from the Trash, as they will still launch if they are not emptied form the Trash.)

These types of infections can be acquired via SEO (Search Engine Optimization) attacks causing the user to be redirected to a malicious site by listing that site first in search results from a search engine (such as Google, Yahoo, etc.). These malicious sites then execute a Java exploit that allows the automatic download of a compressed ZIP archive. If this archive is then opened, then installer for the Rogue scanner starts.

To Help Prevent these types of infections by adding another layer that the user will need to go through to install:

Open Safari
Click on Safari on the top menu, choose preferences.
On the General Tab, uncheck the Box that lists "Open 'safe' files after download"



incredibly easy to remove.

 

[GGJstudios]

I hate to shatter your evident illusion of the mighty Apple being impenetrable and flawless;

Who said Macs are "impenetrable and flawless"?? Apparently, you haven't read the Mac Virus/Malware link I've posted in most virus threads.

Sophos Antivirus is free. .

And it also can increase your Mac's vulnerability. Don't use it. Read the Mac Virus/Malware link I posted for more details.

Download and install AppCleaner

If you haven't installed the MacDefender app, you can simply quit it and drag the installer package to the Trash. No uninstallation necessary. If you've installed it, AppZapper, AppCleaner, CleanApp, TrashMe, and similar apps do not do a thorough job of removing all files/folders related to deleted apps. The only effective method for complete app removal is manual deletion:

Best way to FULLY DELETE a program​

 

[ChazUK]

And it also can increase your Mac's vulnerability. Don't use it. Read the Mac Virus/Malware link I posted for more details.

Will have a read of it GGJstudios. Thank you.

EDIT: Apologies if I am being dumb, could you post it again at all? I've skimmed the thread and can't see it.

 

[boccabella]

Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5)

Complete rubbish. If 50% of Apple's support calls were for ANY single issue the company would have already made a public announcement about it. Do you know how many support calls Apple receives every day? Shame on ZDNet for publishing this, I don't believe any part of the story.

 

[samcraig]

Again there's a conflict amongst apple "fans" and Apple's marketing.

IE - Having/suggesting the installation of "Little Snitch"

I agree - great program...

But if you want to believe Apple's marketing (and some here regurgitate it as gospel) - things just work. You don't need such programs to work your computer day-today

The average joe does or does not (should or should not) want to have to worry about such things. Which is it? I'm asking people like LTD on that one. Seriously. Which is it. Because the response keeps changing.

In other news - No one need fear the rapture on Saturday. Clearly since Steve/Apple didn't say it was an issue, no rapture will take place