Apple tells reps not to remove malware amid outbreak
updated 10:05 am EDT, Thu May 19, 2011
First major malware attack on Macs?
Apple is informing its technical support workers not to remove or even confirm or deny the presence of MACDefender/Mac Security malware on customers' computers, a leaked memo reveals. "Apple does not provide support or assistance in removal or diagnosis of malware," part of the the document reads. AppleCare representatives are in fact instructed to rule out any issues with Apple products, should a person acknowledge that they installed MACDefender/Mac Security or a variant.
The only help an AppleCare representative will provide if the malware is installed is making sure Mac OS X and security are up-to-date, and directing people to antivirus software on the Mac App Store or the Apple online store. If a person has yet to actually install the malware, AppleCare workers are allowed to tell people to quit the installer and delete the downloaded file. Apple's policies differ from those of Microsoft, which offers free support for malware, and Dell and HP, which will scrub a system but only for a fee.
The MACDefender/Mac Security threat appears to have become one of the most serious to ever hit the Mac. Even though the code requires victims to give permission for installation, a number of Mac users have fallen prey. Whereas just a normal handful of complaint posts were present on Apple's support forums at the end of April, as recently as Wednesday there were 42 separate threads.
One AppleCare representative has claimed that call volumes are four or five times their normal rate, and that the "overwhelming majority" are MACDefender-related. "Many frustrated Mac users think their Mac is impervious to viruses and think this [the malware] is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls."
The person adds that even though the malware is easy to remove, Apple is officially holding back on a solution as it might convey the idea that Apple is willing to remove all malware in the future. Most AppleCare workers are nevertheless said to be helping customers with the current threat out of compassion. A small number of Mac users have reportedly fallen victim to the malware's identity theft scheme, in which it will ask people to unlock the software with a credit card, denying each one but asking people to try another. "One person ended up trying five different cards," the AppleCare representative says, citing a second-hand story from a peer. "I'm going to assume criminals now have a hold of the info."
Fresh-Faced Recruit
Joined: Mar 2009
Truth?
I love how articles like this spread like wildfire around the web. Leaked memos, one AppleCare rep, name withheld because he'd probably be fired for saying these things, supposedly gives out true information, and a whole lot of other innuendoes. I have yet to see anyone actually talk directly to Apple or reference an official Apple person so until I see these facts, I'm going to let this one go.
As for comparing Apple's activities to Microsoft (malware is part of their OS) or Dell/HP (typical PC tech process is to scrub a system instead of trying to save a user's data), they are not Apple. In the case of this trojan, there are plenty of reputable websites with easy instructions on how to remove the files. Whether performing this type of self-inflected problem is something AppleCare covers is up to Apple. As most people know, malware does not target Apple systems very often so it's not something Apple or it's users have had to address. I am confident Apple will address this issue after a proper amount of study to make sure they have an adequate process to deal with this trojan as well as those spawned from it.