Macs hit by 'Mac Defender' fake antivirus threatApple support 'not supposed to help'

19 May 2011

Mac Defender

Mac Defender scares users by claiming their Mac is infected with viruses.

Users of Apple Mac computers have been hit by a spate of 'fake antivirus' threats according to an AppleCare support rep.

Speaking anonymously to ZDNet, the Apple rep confirmed that attacks on Apple computers by a fake antivirus malware called Mac Defender have become increasingly common.

'I can tell you for a fact: many, many people are falling for this attack. Our call volume here at AppleCare is four to five times higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases.'

Mac Defender (aka Apple Security) behaves in a similar manner to Windows-based fake software attacks. Upon visiting a malware-infected web page, an installer downloads itself to your Mac and, if allowed to install, presents various warnings of infections. Most alarmingly, it opens pornographic pop-up windows every few minutes, a facet that has caused much distress, according to the anonymous tipster.

'Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images.'

This behaviour then prompts the user to register the product online, where they're asked for credit card details and payment to get full use of the 'software'. Users calling Apple have reported the website denying their card, thus forcing them to try more cards and exposing more of their personal details.

Related: Choosing the best anti-virus software guide

Apple official line: 'don't help'

Most incendiary, however, are claims by the tipster that support staff have been told not to help customers who call asking how to remove the infection.

'Our notice for Mac Defender is that we’re not supposed to help customers remove malware from their computer... The reason for the rule, they say, is that even though Mac Defender is easy to remove, we can't set the expectation to customers that we will be able to remove all malware in the future. That's what antivirus is for.'

Despite this directive, many support staff choose to help anyway.

Which? advice on what do to about Mac Defender

Mac Defender, also known by other names such as 'Apple Security', must have the user's permission to install. If you see an installation window pop-up that you weren't expecting, ignore it. Don't proceed with the installation and don't enter your administrator password without checking the software is legitimate first. If you don't allow it to install there is no threat.

To avoid infections in future, install an antivirus program. Many of the products in our security software reviews also have Mac versions.

If you have installed Mac Defender already, search for removal guides online. Alternatively, Which? Computing subscribers can contact the Which? Computing helpdesk for help on how to remove the threat.

Try Which? Computing today for just £3 and get two issues plus free access to the Which? Computing helpdesk

Source: ZDNet

How to follow the latest Which? Tech news

Are you a Twitter user? Follow WhichTech on Twitter for regular tech tweets.

Prefer RSS? Don't miss a thing with the Which? tech RSS feed

For just the main headlines in newsletter form, sign-up to our weekly Which? tech email.

Apple iPad 2 3G data plans compared - find the best 3G plan for your iPad
Best Android tablets round-up - we look at the best iPad alternatives around
Best cheap laptops for under £500 - find the best laptop deals