Apple acknowledges Mac Defender malware, offers help

Jos

Staff

Apple computers are often touted as offering a virus-free computing experience, as opposed to Windows, but as the platform grows in popularity it is also becoming a more serious target for attackers. One recent case, involving a piece of 'scareware' dubbed Mac Defender, became notorious for Apple's initial reluctance to help affected customers, despite receiving thousands of tech support calls related to the infections.

The scam in question targets Mac users via SEO poisoning attacks linked to a phony online antivirus scanner, which dupes users into thinking their machine is infected and automatically starts downloading an antivirus 'solution.' The design and content of Mac Defender make it seem like a genuine antivirus program. However, once installed it will report that it has found other viruses and offer to clean the computer after a credit card payment is made.


Interestingly enough, Apple had apparently instructed its AppleCare and retail staff not to even acknowledge Mac Defender's existence, or help remove it from users' infected computers. ZDNet's Ed Bott posted a document with instructions that Apple's support personnel supposedly received regarding this issue, which was corroborated by two anonymous Apple support representatives who were surprised by how the company was dealing with the issue.

It's unclear how widespread the issue really is or why the company was downright preventing support personnel from helping customers -- beyond suggesting to users that they research antivirus alternatives on their own.

Now, however, the company has apparently had a change of heart and posted a support article on its website explaining "How to avoid or remove Mac Defender malware" -- which basically boils down to directions on quitting the offending app and deleting it from the Utilities folder it is installed into by default. Apple also promised to issue a software update soon that will automatically hunt out and remove Mac Defender and its variants.


 
It's bad that this is going around, and that Apple was basically lights-out on the issue, but to know that removing it is as easy as deleting the application? Damn, I wish it were that easy to find and remove malware on Windows. Hopefully this will help push for tighter security, though.
 
example1013 said:
It's bad that this is going around, and that Apple was basically lights-out on the issue, but to know that removing it is as easy as deleting the application? Damn, I wish it were that easy to find and remove malware on Windows. Hopefully this will help push for tighter security, though.
It's that easy because Macs have ZERO anti-virus protection from Apple. There's no need to get sneaky with your malware until you have to. Besides, how many Mac users do you think even know how to kill a process? Heck, how many know what that even means!?
 
This Mac Defender 'virus' is just a trojan that any kid with some coding experience could write. There's no system infallible to a naive person.

To "get infected" you have to navigate into some malicious site, notice that the file was downloaded behind your back to your downloads folder, open your downloads folder and notice this unknown file. Mount this unknown disk image called 'Mac Defender' and then run an installer included in it that after some steps asks for your administrator password. And voila you're infected.

This kind of "malware" has long been available in OS X, I remember similar stories going back to 2004. And they've never been widespread, the only place where they get widespread is in the media that loves getting these kinds of headlines.
 
wagan8r said:
It's that easy because Macs have ZERO anti-virus protection from Apple. There's no need to get sneaky with your malware until you have to. Besides, how many Mac users do you think even know how to kill a process? Heck, how many know what that even means!?

I mean, it's really simple stuff. Like, it's basically the same as Task Manager as far as I can tell.

Also, as Mario stated, it asks for an administrator password, because OSX has been using what's essentially UAC for close to 10 years now, as an added layer of protection. So you really have to be stupid to actually get infected anyways, although I didn't address that point in my first post because I realize that there will, inevitably, be people who are that stupid. It's how anti-virus companies make their money (at least on macs).
 
"It's unclear how widespread the issue really is or why the company was downright preventing support personnel from helping customers -- beyond suggesting users that they research antivirus alternatives on their own."


Ah hahaha cough* cough* ...Ah hahahaha* tears rolling down cheeks, on the floor holding piss in.
 
While it is unfortunate that Apple decided to handle it this way, it's even more surprising that it's this big of an issue. Nothing on a Mac can be run without the user's permission. For an app to be installed it has to be mounted, and dropped into the Applications folder. From there you have to run it. Somewhere in there you most likely had to type in your password. The reason Macs don't get viruses is because they can't be installed without user help. So basically...like marioestrada said.

This problem exists because Apple has created a large following of NON tech savvy people who are too stupid to NOT install Mac Defender. The other chunk of users know better.
 
It's that easy because Macs have ZERO anti-virus protection from Apple. There's no need to get sneaky with your malware until you have to. Besides, how many Mac users do you think even know how to kill a process? Heck, how many know what that even means!?

That's not entirely true, there is some form of protection, presumably what is going to be updated in the software update.

I'm sure there are a lot of people that don't know how to kill a process. Probably a lot that don't know how to do it in Windows too. The number is probably higher in OS X, but that may just be because in OS X and prior Mac OS versions it seems (in my experience) if a program is going to crash, it closes on its own a lot more often than it hangs. In Windows, they seem to hang more than just go away, so people are more familiar with ctrl-alt-del or ctrl-shift-esc to get a program to close.

To the guy saying if it's easy write one. I'm no programmer, but it seems to me to be as simple as creating an app, giving an intro and install screen with enough wording to convince someone to install. Then when they run the program throw up a scan button (maybe even let them choose what path to scan), then a few screens of updating progress. A screen after that saying you are infected with something and say this is just trial software, for removal please purchase the full version by entering a form of payment. It doesn't seem to be a modern marvel of coding to create these types of malware.
 
saturday said:
While it is unfortunate that Apple decided to handle it this way, it's even more surprising that it's this big of an issue. Nothing on a Mac can be run without the user's permission. For an app to be installed it has to be mounted, and dropped into the Applications folder. From there you have to run it. Somewhere in there you most likely had to type in your password. The reason Macs don't get viruses is because they can't be installed without user help. So basically...like marioestrada said.

This problem exists because Apple has created a large following of NON tech savvy people who are too stupid to NOT install Mac Defender. The other chunk of users know better.

Millions of people own Apple computers. "Thousands" were infected. That seems extremely small-scale for an infection. Even assuming 100,000 people were infected, that's still not even as big as some of the larger botnets out there, never mind the number of people who get infected daily with Trojans, keyloggers, and everything else every day with Windows.

In other words, this isn't widespread at all, and people are making a mountain out of a molehill. Yeah, nice to know that Macs have a way to be infected. Millions of people also fall for Nigerian Prince scams, and that's not even restricted to computers, never mind OSes.
 
@marinkvasina I don't write malware, but you can find my open source code on GitHub :). And read @SNGX1275's comment, he basically described how you could write one and he has no programming knowledge. This MACDefender trojan doesn't even harm your data, it will only open a webpage and ask for your credit card information. Any way you might see it, this is not state of the art malware.
 
Haha! This is funny, Apple not only is releasing an update but helping users with a virus?! What's going on Apple!

Also to everyone who is saying "but a UAC style thing pops up..." "they have been doing that for 10 years now..."

When Windows introduced UAC in Vista it was one of the most hated things ever! Everyone just clicks continue, same in Windows 7.

Now if Macs have been doing that for 10 years now? I'm pretty sure people just click "continue".

Anyway I don't really care, I don't own a Mac and don't ever plan to, I have an iPhone 3GS, as long as that doesn't start getting a stupid UAC type thing, I'm happy :)
 
I work for a large hospital on the helpdesk. All of the doctors have Macs and constantly have issues accessing our remote Citrix applications. We are primarily a Windows shop and have limited support for Macs. If you are doing a lot of video editing or Photoshop, fine, pay 4 times more for your computer. Their main reason for getting Macs is because there are no viruses. I hate to be the bearer of bad news, but there are more security vulnerabilities in OSX than there are in Windows. They are just not exploited because why would you write a virus that affects 10 million Macs when you could for 100's of millions of PCs. I actually purchased a Mac mini, so I could support my customers better. I primarily use it for a media center PC, and it locks up and crashes way more than my PC.

I DON'T GET THE OBSESSION WITH MACS!!!!!!
 
Because as has been said, viruses, malware etc.... is in a much larger scale widespread across the internet for Windows rather than OSX.
 
marinkvasina said:
You're an *****, if anyone can write it... make one

I don't think you understand how easy it is to make viruses... I'm a Mac hater so let me give you a 1 line MS Windows virus I "made" to skip design class.

private void Form1_Load(object sender, EventArgs e)
{
    Application.Restart();
}

Of course this command was banned from working, you can compile the app but it won't stuck the OS now. Mac OS doesn't have viruses because it's not a big market to infect people and steal info, however yet we have this post :)
 
@marioestrada as you point out it's not a sophisticated malware by any means and it's true that these stories are often blown out of proportion -- which is why I noted that it's unclear how widespread this issue really is. What caught my attention, however, is why would Apple go out of its way to explicitly prohibit their support staff from taking any action that could help customers with Mac Defender related problems. Here's an extract from the alleged leaked document posted by ZDNet:

- You cannot show the customer how to force quit Safari on a Mac Defender call

- You cannot show the customer how to remove from the Login items.

- You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.

- You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)
 
Jos said:
@marioestrada as you point out it's not a sophisticated malware by any means and it's true that these stories are often blown out of proportion -- which is why I noted that it's unclear how widespread this issue really is. What caught my attention, however, is why would Apple go out of its way to explicitly prohibit their support staff from taking any action that could help customers with Mac Defender related problems. Here's an extract from the alleged leaked document posted by ZDNet:

- You cannot show the customer how to force quit Safari on a Mac Defender call

- You cannot show the customer how to remove from the Login items.

- You cannot show the customer how to stop the process of Mac Defender in their Activity Monitor.

- You cannot refer the customer to ANY forums or discussions [sic] boards for resolution (this includes the Apple.com forums)

exactly...why did Apple deny its existence and order employees not to help
 
Guest writes: "I actually purchased a Mac mini, so I could support my customers better. I primarily use it for a media center PC, and it locks up and crashes way more than my PC. "


Maybe you have a dud but I would diagnose PEBCAK. It is absolutely rare (to the point I don't even remember) that I have had to powercycle my mac in the 4 years I've owned it. Software Update works a dream - use it.

I would like to say the same thing about my PC but that would be dishonest. Though Windows 7 has improved it, they are not even on the same planet in terms of pain vs gain.

Macs tend to attract better quality human beings for a number of reasons (and no I'm not talking about price as that is simply a natural result of higher quality). This is the primary reason there are so few virii on the Mac.

you never see quality brand beer empties discarded on the side of the road
 
Wax on......Wax off... Actually I think there's a lot more waxing off going on here......But judge for yourselves...
Guest writes: "I actually purchased a Mac mini, so I could support my customers better. I primarily use it for a media center PC, and it locks up and crashes way more than my PC. "


Maybe you have a dud but I would diagnose PEBCAK. It is absolutely rare (to the point I don't even remember) that I have had to powercycle my mac in the 4 years I've owned it. Software Update works a dream - use it.

I would like to say the same thing about my PC but that would be dishonest. Though Windows 7 has improved it, they are not even on the same planet in terms of pain vs gain.

Macs tend to attract better quality human beings for a number of reasons (and no I'm not talking about price as that is simply a natural result of higher quality). This is the primary reason there are so few virii on the Mac.

you never see quality brand beer empties discarded on the side of the road
You da man....!

Although, "viruses" is the commonly accepted English plural form of, "virus".

It's not. "virii", which is a vulgar slang form, commonly used by ill bred Apple trolls because they think it makes them appear somehow more "sophisticated".

Now be a good little "App-Holian", run along and wax your Mac-Mini........Oh, and before I forget.... hooray for you... :rolleyes:
 
Wax on......Wax off... Actually I think there's a lot more waxing off going on here......But judge for yourselves...You da man....!

Although, "viruses" is the commonly accepted English plural form of, "virus".

It's not. "virii", which is commonly used by ill bred Apple trolls because they think it makes them appear somehow more "sophisticated".

Now be a good little troll, run along and wax your Mac-Mini........Oh, and before I forget.... hooray for you... :rolleyes:


Of course...of course...one hates to receive several Virii unto thine Mac.
 
2011, 2 almost harmless trojans and every media is going nuts on these stories. Let's see what "security experts" have been saying for almost 10 years.

2003

"The truth is that the Mac OS is just as vulnerable as Microsoft Windows." -- Lance Ulanoff, Security, IT Hub.

2004

"Windows is more secure than you think, and Mac OS X is worse than you ever imagined." -- Matthew Broersma, Techworld.

2005

"The naming of Apple's Mac OS X to the list of latest warning from security experts to users that Apple's operating system is not immune to threats." -- Robert Lemos, Security Focus

"Attacks on Apple's OS X operating system, thought by many who use the Mac to be virtually immune from hackers, are on the rise, according to a report from Symantec, an anti-virus software vendor." -- Wired.

2006

"Several security researchers have predicted that 2006 will be the year Mac OS X loses its image as a "safe" operating system." -- Matthew Broersma, Techworld.

"Anti-virus software firm McAfee has identified Mac OS X as a growing target for malware attacks." -- John Leyden, The Register.

2007

"There will be a significant rise in virus attacks on both the Mac and open-source platforms, according to renowned security expert, Eugene Kaspersky." -- Barry Collins, PC Pro.

"After years of relative safety in obscurity, the Apple Mac is becoming an increasingly tempting target for malicious computer hackers, according to a new report published this week." -- Kevin Allison, Financial Times.

"The reality is that the era of serene isolation is ending, partly because of technical changes that increase a Mac's vulnerability to infected documents -- and even programs -- originally created on a PC." -- James Fallow, The Atlantic.

2008

"With Apple's market share now around 8.5 percent and growing quickly, with sales of almost 2.5 million last quarter these Mac newbies are a tempting target for profit-minded cybercriminals." -- Dwight Silverman, Chron.com.

"Macintosh computers have been gaining market share and catching the interest of hackers, according to Zero Day Initiative (ZDI) security vulnerability analyst Cameron Hotchkies." -- Glenn Chapman, Yahoo.

2009

"For years, Apple fans have claimed that Macs are invulnerable to attack, while belittling Windows as being full of security holes. Now the tables are turned." -- Preston Gralla, Computerworld.

"According to a new article by CNN, Mac users now have something to worry about when it comes to security. Mac computers are known for their near immunity to malicious computer programs that plague PC's." -- Shawn Moniz, Shawn's Technology spot.

2010

"Mac and iPhone users may think they are immune from viruses and malware, however as the operating system becomes more popular more cybercriminals will be attracted to this growing base," warned Symantec's product development director, Con Mallon." -- Jonny Evans, Computerworld.
 
Blaming the OS for these attacks would be like blaming Microsoft for people being scammed by a Nigerian prince because they got an email through Hotmail.

Apple will remove and protect against this MacDefender/MacGuard threat in their next update, but really all they are doing is putting a stop on all this ill generated press. Because this program is just attacking people's innocence or naivety.
 