Increase in MACDefender rogue anti-virus downloads causes Apple to offer no support or assistance in removal or diagnosis of malware

News by Dan Raywood

Apple has been criticised for a lack of consideration over a fake anti-virus that swamps a user's screen with pornographic images.


The MACDefender scareware was detected in early May by Intego, which said that when a user clicks on a certain link, they are sent to a website that displays a fake Windows screen with an animated image of a malware scan, which tells the user that their computer is infected.

After this, JavaScript on the page automatically downloads a compressed zip archive, which will open automatically if a specific option in the web browser is checked (open ‘safe’ files after downloading in Safari, for example). The file is decompressed and presents a walk-through download process.

Intego said: “This application is very well designed and looks professional. There are a number of different screens and the grammar and spelling are correct, the buttons are attractive and the overall look and feel of the program give it a professional look.”

Despite this detection, an internal memo from this week, seen by ZDNet, reveals that Apple is taking no part in removing the malware, with staff encouraged to tell callers that ‘Apple does not provide support or assistance in removal or diagnosis of malware’.

If a user has not installed MACDefender, Apple support staff are encouraged to tell the caller to quit the installer and delete the software immediately, with a line of ‘AppleCare does not provide support for removal of the malware’. They are also encouraged not to confirm or deny whether the customer's Mac is infected.

If the caller has installed the malware, staff are encouraged to handle the call with the following guidelines: make sure their Mac OS X is up to date and all security updates have been installed; direct the caller to ‘What is malware’ in the help folder; and explain that Apple does not make recommendations for specific software to assist in removing malware, directing the caller to the Apple online store and the Mac App Store for anti-virus options.

ZDNet's Ed Bott said he has found more than 200 separate discussions on Apple's official forums about MACDefender and that the volume of reports about the problem was ‘exceptional’.

Luis Corrons, technical director of PandaLabs, said that Apple should not recommend any particular anti-virus, but that it should encourage people to have one installed, and that this is becoming an issue.

He said: “There are a number of solutions, both free and paid. For many years, Windows users have switched to Apple thinking it is a malware-free world but that is not true anymore, though most of the malware is still designed for Windows and we see new threats emerging for this platform.

“Apple is not happy about this, but it seems they don't want to recognise there is a real problem here and in my opinion this is an irresponsible position.”

Eddy Willems, security evangelist at G Data, commented that Apple is generally secure but an attitude of nothing being able to penetrate the OS is not good enough.

He said: “They cannot keep going on this course; Apple has some protection with removal tools so users can update and take care of problems. I don't know if this attitude is short-sighted; Microsoft did not acknowledge the problem in the beginning and were not aware of the problems.

“They could handle this more efficiently which they have not done yet, but they are just realising that they are becoming a target and I think that will change.”

David Harley, CEO of Small Blue-Green World and administrator of the Mac Virus website, said: “I don't always admire Apple's security claims, but I'm not entirely out of sympathy with their position on user support and it is not inconsistent with their position as regards the minimal malware detection in Snow Leopard. They haven't promoted that, perhaps because they were aware that it's not and can't be industrial strength anti-virus and maybe were even concerned that users would be given a false sense of security if they knew it was there, assuming that it was all that was necessary. As did, in fact, happen to some extent.

“If that's the company's position here, it's not necessarily irresponsible. Of course, if anyone at Apple is saying ‘Mac users aren't vulnerable to malware threats’, that's a different proposition. However, I think the issue here is that stuff like this is attacking the user via some form of psychological manipulation, not via system or application vulnerabilities. The same is true of most Windows malware, of course, but attacks via Windows or Windows app vulnerabilities are still common. Though not as common as some commentators assume.”

