Apple tells reps not to remove malware amid outbreak

updated 10:05 am EDT, Thu May 19, 2011

First major malware attack on Macs?

Apple is informing its technical support workers not to remove or even confirm or deny the presence of MACDefender/Mac Security malware on customers' computers, a leaked memo reveals. "Apple does not provide support or assistance in removal or diagnosis of malware," part of the document reads. AppleCare representatives are in fact instructed to rule out any issues with Apple products, should a person acknowledge that they installed MACDefender/Mac Security or a variant.

The only help an AppleCare representative will provide if the malware is installed is making sure Mac OS X and security are up-to-date, and directing people to antivirus software on the Mac App Store or the Apple online store. If a person has yet to actually install the malware, AppleCare workers are allowed to tell people to quit the installer and delete the downloaded file. Apple's policies differ from those of Microsoft, which offers free support for malware, and Dell and HP, which will scrub a system but only for a fee.

The MACDefender/Mac Security threat appears to have become one of the most serious to ever hit the Mac. Even though the code requires victims to give permission for installation, a number of Mac users have fallen prey. Whereas just a normal handful of complaint posts were present on Apple's support forums at the end of April, as recently as Wednesday there were 42 separate threads.

One AppleCare representative has claimed that call volumes are four or five times their normal rate, and that the "overwhelming majority" are MACDefender-related. "Many frustrated Mac users think their Mac is impervious to viruses and think this [the malware] is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls."

The person adds that even though the malware is easy to remove, Apple is officially holding back on a solution as it might convey the idea that Apple is willing to remove all malware in the future. Most AppleCare workers are nevertheless said to be helping customers with the current threat out of compassion. A small number of Mac users have reportedly fallen victim to the malware's identity theft scheme, in which it will ask people to unlock the software with a credit card, denying each one but asking people to try another. "One person ended up trying five different cards," the AppleCare representative says, citing a second-hand story from a peer. "I'm going to assume criminals now have a hold of the info."

by MacNN Staff





  1. prl99

    Joined: Dec 1969



    I love how articles like this spread like wildfire around the web. Leaked memos, one AppleCare rep, name withheld because he'd probably be fired for saying these things, supposedly gives out true information, and a whole lot of other innuendoes. I have yet to see anyone actually talk directly to Apple or reference an official Apple person so until I see these facts, I'm going to let this one go.

    As for comparing Apple's activities to Microsoft (malware is part of their OS) or Dell/HP (typical PC tech process is to scrub a system instead of trying to save a user's data), they are not Apple. In the case of this trojan, there are plenty of reputable websites with easy instructions on how to remove the files. Whether performing this type of self-inflicted problem is something AppleCare covers is up to Apple. As most people know, malware does not target Apple systems very often so it's not something Apple or its users have had to address. I am confident Apple will address this issue after a proper amount of study to make sure they have an adequate process to deal with this trojan as well as those spawned from it.

  1. kdogg73

    Joined: Dec 1969


    So Much You Can Do

    I had to remove Mac Protector from my folks' machine. I think with the migration of a lot of Windows users moving to Mac, they still carry with them the mentality of virus/malware protection with them. They can easily get tricked into installing something free. I don't know how they got it, though (frankly, don't want to know), but it was easy to remove. There are step-by-step instructions out there that will have you malware free in 5 minutes.

    Apple is ridiculed for its walled garden, but the truth is, there is no wall that can possibly protect a user from the internet and a user. There has to be some responsibility. I told my folks that the Mac does not under any circumstance need 3rd party virus/malware software.

    That's my take.

  1. eldarkus

    Joined: Dec 1969


    Bottom line

    You are installing a third party application that breaks your computer. Yes, YOU! This MUST have admin password manually typed in for you to activate it. Install any third party app to any car and you void the warranty on it.

    If it's true, then Apple is right not to support it. Why this is a big deal, I don't understand.

    Now if it was able to be self installed, then Apple should support it since it was a weakness in their OS. But this is not. This is a simple trojan. Installer beware.

  1. lysolman

    Joined: Dec 1969


    I don't get

    your car analogy. Do you mean install any 3rd party parts, or do you really mean apps?

  1. eldarkus

    Joined: Dec 1969



    My bad.. I meant 3rd party car parts :) And of course not referring to an air filter, belts or anything.. I'm talking about major parts

  1. rudedog

    Joined: Dec 1969


    @ eldarkus

    You can actually install 3rd party parts (even performance parts) on a car and you won't void the warranty. If said problem is not a direct result of said 3rd party part.

    It's actually the law here in the US, it's called the Magnuson-Moss Warranty Act - look it up

  1. Athens

    Joined: Dec 1969



    I come across the PC version of this virus all the time these days. By Antivirus 360 or Antivirus 2011 or 2010 which are all different names for the same fake antivirus product infects computers, prevents stuff from running until a person uses a credit card to unlock the software then it continues to toss up ads all the time. Of all Windows viruses I see in a given month, almost all have been the fake Antivirus products. Seems users on both sides of the computer front fall victim to this scam.

  1. testudo

    Joined: Dec 1969


    Re: ...

    This scam has been around for a lot longer on Windows too. But while Windows gets killed for this type of malware, the fanboys line up to protect Apple's reputation saying it was the user who installed it, so they're at fault.

    Same thing in Windows. They have to click "Install" and such to get it to run over there too...

  1. techweenie1

    Joined: Dec 1969


    Push for App Store Only

    Or perhaps this was created from the inside to push for an App Store only Mac OS...

  1. djbeta

    Joined: Dec 1969


    can someone explain ???

    Can someone explain why I ran Symantec on a buddy's Mac infected with this Mac Protector.. it found it, cleaned the disk, etc. (I had his Mac in firewire target mode)... and then he went home, booted up Safari (which I reset), and he had the same problem in seconds??

    Is it possible this "malware" is more insidious than it appears?
