According to an internal AppleCare document obtained by Ed Bott of ZDNet, the "MACDefender" software is considered an "Issue/Investigation in Progress." The confidential internal document, issued to representatives this week, notes that "AppleCare does not provide support for removal of the malware."
A series of bullet points accompanying the document state that employees should not confirm or deny that the malware has ben installed, attempt to uninstall it, or send customers to Tier 2 for further resolution. In addition, representatives are also told not to refer customers to the Apple Store, as those employees do not remove malware either.
"Explain that Apple does not make recommendations for specific software to assist in removing malware," the document reads. "The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options."
Bott also previously reported via his Microsoft Report that an AppleCare representative said malware for the growing Mac platform is "getting worse." The anonymous person claimed that call volume at AppleCare is four to five times higher than normal, and the "overwhelming majority" of calls are related to MACDefender or another alias.
"Many Mac users think their Mac is impervious to viruses and think this is a real warning from Apple," the anonymous person reportedly said. "I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls."
The MACDefender malware first gained attention earlier this month, when it was spotted by an antivirus company. The program automatically downloads in web browsers through JavaScript.
But users must also agree to install the software and provide an administrator password, which led Intego to categorize the threat as "low." However, the latest details would suggest that users are unaware of what they are installing and proceed with the installation anyhow.
The malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics.
Users on Apple's support forums have advised killing active processes from the application using the Mac OS X Activity Monitor. MACDefender can then be deleted from the Applications folder by dragging it into the trash.
94 Comments
So the one thing missing in this story is what MACDefender actually does once it's installed. Anyone know?
Isn't this the kind of problem the Mac App Store is designed to defend against?
So the one thing missing in this story is what MACDefender actually does once it's installed. Anyone know?
i think it's a barrage of pornography. Could be wrong though.
As the article notes, this is only a threat if you actively allow the installer to proceed by entering the administrator password. Most moderately advanced users will recognize this and refuse to continue. However, as macs become more and more popular, it's true that many less-experienced users could be confused or tricked. I certainly emailed some family members who are new to macs and reminded them to never enter their administrator password unless they were completely sure why they were doing it and trusted the download source.
Isn't this the kind of problem the Mac App Store is designed to defend against?
Absolutely. Notice the installed base for iPhones and iPads greatly exceeds that of macs, yet the malware issue is non-existant. This is apple's solution to the problem, and personally I think it's a good one.
It's partly Apple's fault for having the "open safe files after downloading" feature is Safari. That feature is just asking for this kind of attack.