An AppleCare support rep talks: Mac malware is "getting worse"

Summary: The number of reports of Mac malware being found in the wild is increasing. The view from inside an Apple call center says this threat is for real. I spoke with an AppleCare support rep who says the problem is getting worse. And Apple's official policy is "We don't help." Here's the transcript.

TOPICS: Malware, Apple, Hardware

Over the weekend, I got an e-mail from an AppleCare support rep, who was responding to my recent reports of Mac malware being found in the wild. At least one prominent voice in the Mac community dismisses these reports as “crying wolf.” The view from inside an Apple call center says it’s for real:

I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.

I contacted this person and arranged an interview. I’ve edited our conversation to remove any details that might identify this individual or the call center location, but otherwise this is a verbatim transcript.

Update: In the Talkback comments, some people express skepticism about these conclusions. Be sure to read my follow-up: "Crying wolf? Apple support forums confirm malware explosion." It includes direct quotes from Apple customers caught up by this attack.

EB: Until this latest round of fake AV software started, what was a typical week like for you?

AC: There’s usually about 600 or so of us spread around 14 centers for CPU support. Before this started happening, we had 7-12 minutes between calls generally. Now we're lucky to have any time between calls.

We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender.

EB: Do you have a support database that you share for cases like this?

AC: What do you mean? As in articles for new issues we're running into?

EB: Yes, there must have been a point where you noticed that a lot of people were dealing with this Mac Defender thing and that it wasn't just your calls.

AC: We have a team of people who go through all case notes and find new issues that are popping up a lot and send notices to all of AppleCare. Our notice for Mac Defender is that we're not supposed to help customers remove malware from their computer.

EB: Wow.

AC: That's about what I said when I read it. The reason for the rule, they say, is that even though Mac Defender is easy to remove, we can't set the expectation to customers that we will be able to remove all malware in the future. That’s what antivirus is for.

EB: I would imagine most of the people who are calling are fairly panic-stricken.

AC: Well, I'm sure you're aware of what Mac Defender pops up on your screen if you don't buy it. Last call I got before the weekend was a mother screaming at her kids to get out of the room because she didn't want them seeing the images. So, panicking, yes, I'd say that would be the situation usually. I had a teacher call about Mac Defender last week.

EB: So you are supposed to tell them that the Terms of Service don't allow you to help them remove it, and they should ... what?

AC: Well, in the agreement for AppleCare, it does state we don't help with malware. However, just because we're told we're not to help people get rid of it, most of us do.

EB: Taking a little risk there? I assume your calls are randomly monitored and you could get a warning if someone decides to be a hardass.

AC: Indeed we are monitored, but I can't personally justify telling a father who’s freaking out about what his 6-year-old daughter just saw that I can’t help him out. Our on-floor managers and QA guys do their best to let it slide, but if they start getting pushed from higher-ups, we could face write-ups and even termination.

EB: Have any of the customers that you helped paid money to the Mac Defender pushers?

AC: My calls? No. However, the rep that works next to me has had a few people who have. It kept "denying their card" and asking them to put another in. One person ended up trying five different cards. I'm going to assume criminals now have ahold of the info.

EB: Ugh. Adding insult to injury.

AC: It's been quite a mess for us lately.

EB: Do you see any signs that it is easing at all, staying the same, accelerating?

AC: It started with one call a day two weeks ago, now it’s every other call. It’s getting worse. And quick.

EB: That doesn't bode well for the future.

AC: No, not at all. I've worked with computers for a while. Removing Mac Defender is easy, but if it ends up like malware for Windows, we're going to have a lot of unhappy customers, which is bad for the advisors. If our customers aren't happy, our pay goes down.

EB: When the bad guys find something that works, they tend to push on it and morph it into other variations.

AC: It’s going by a few names: Mac Defender, Apple Security, and a few less used name variants. So far the only difference is the names. As long as you don't give it your administrative password you're usually OK.

EB: So customers who get hit by this are installing it and giving their admin password?

AC: Yes.

EB: If they stop before that, nothing bad happens?

AC: Yes, the file will download but for it to install it requires the password. It tries to trick you into giving it by saying it's required to remove the infections.

EB: Ah yes, social engineering.

AC: Indeed, looks rather real, if you ignore the fact it pops up in your browser... but for most of us that know computers that’s a giveaway there.

EB: What sort of advice do you leave customers with after you've helped them with this issue?

AC: That even though they're using a Mac, they need antivirus/antimalware. We give them links to Norton, McAfee, and Sophos.

EB: It’s also important to be suspicious online.

AC: Indeed, a lot of it does seem to stem from hearing from the sales person that there’s built-in antivirus, and they believe that’s what they're seeing when it comes up.

EB: Good luck dealing with this.

AC: Thanks, I'm sure it won't be long before we have a lot more of this, a lot harder to get rid of, too.

Talkback

540 comments
  • Well, going from 1 malware attack for Macs per week to 2 malware attacks ..

    ... per week comparing to 40 000 attacks for Windows PCs per day (!) (security tracking statistical data) is indeed what you call "getting worse".

    ""Mac users must remember that less targeted is not the same as invulnerable," said Richard Wang, manager of SophosLabs to eWEEK.

    The threat is not as prevalent as PC users, with only "one to two" attacks on Macs each week, compared to the "tens of thousands" per day against Windows PCs, said Wang."

    http://www.eweek.com/c/a/Security/Sophos-Offers-Free-Macintosh-AntiVirus-Package-773239/
    DDERSSS
    • Reading comprehension

      @denisrs

      I don't know what you read, but this insider says "every other call" is about this problem. One rep took 60 customer calls in two days. Multiply that by 600 reps and you have a real problem.

      But sure, stick your head in the sand if you think that will help.
      Ed Bott
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott: sorry; I grossly underestimated quantity of attack for Windows PCs:

        "Mac users must remember that less targeted is not the same as invulnerable," said Richard Wang, manager of SophosLabs to eWEEK.

        The threat is not as prevalent as PC users, with only "one to two" attacks on Macs each week, compared to the "tens of thousands" per day against Windows PCs, said Wang.

        http://www.eweek.com/c/a/Security/Sophos-Offers-Free-Macintosh-AntiVirus-Package-773239/

        As to quantity of calls to AppleCare, these surely might have increased. But if you multiply very small number even many times, then you still have small number.
        DDERSSS
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott I am not sure why Denisrs insists on saying PCs get more malware because there are "40000 instances per week and only two for macs." People need to look at the real statistics... Denisrs has proved that the number of attacks has doubled on Macs (if his numbers are accurate). They haven't doubled for PCs...

        I feel bad for people who get so tied up on the notion that Macs cannot be infected... Any computer and OS can be infected... the weak link is the user.
        apetti
      • RE: An AppleCare support rep talks: Mac malware is

        @denisrs "The threat is not as prevalent as PC users, with only "one to two" attacks on Macs each week, compared to the "tens of thousands" per day against Windows PCs, said Wang."

        7 Months ago, that may have been the case. Things can change quickly.
        Badgered
      • Another thing said to Mac fanboys.

        @denisrs: "But if you multiply very small number even many times, then you still have small number."

        When talking about the market share of Apple.
        ye
      • Of course, things do not change in 100 000 times in seven months

        @Badgered: as you since from Edwards' interview, there are no absolute numbers of increased quantity of calls. With that quantity initially being small, having it increased even by "times", will not get really big.
        DDERSSS
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott +1 for Ed shooting and killing a fanboy ;-)
        ColdFusion_z
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott LOL - thank you. Well said and nice article. I love the source and the fact otherwise you would have been flamed - yet again - for pointing out a growing trend.
        ItsTheBottomLine
      • RE: An AppleCare support rep talks: Mac malware is

        @denisrs
        That post is from 11-2010. Thanks for the cutting edge 7 month old report.
        cybr2th@...
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott

        There's a good reason for his behavior:

        http://www.tuaw.com/2011/05/17/bbc-loving-apple-looks-like-a-religion-to-an-mri-scan/

        Ed, I've said it before and I'll say it again, 99.9% of what people say about computer security is as valuable as the substance that flows through one's anus. You shouldn't have even bothered responding. Let the ignorant Mac user continue down his path of naivete. Also if you break down his statement, i.e., more attacks on Windows PCs... of course, there's more Windows PCs!

        -M

        PS: Posted from my Mac on a 27" Apple LED. I'm excited (about Apple stuff) not stupid ("There's no malware!")
        betelgeuse68
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott
        No OS can protect people who give out their user name and password. When M$ stops being vulnerable to this, then talk about the Mac vulnerability.
        RedVeg
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott
        LMAO!!! :D

        Ed - thx for the daily chuckle. Luv it!
        rhonin
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott Oddly enough, people who bury their heads in the sand are immune to offers of "free antivirus software", are they not?
        podperson
      • RE: An AppleCare support rep talks: Mac malware is

        @Ed Bott - When I was very young, I KNEW that there were monsters under my bed, so I closed my eyes because I also knew the rules of nature - if you cannot see something, it cannot see you. I'm now 60+ so it obviously worked. I didn't have a pile of sand in my bedroom, so I did the next best thing.
        dev/null
      • RE: An AppleCare support rep talks: Mac malware is

        @denisrs So how does Windows having more incidents make the issue go away for Mac users?

        BTW - welcome to the malware party! lulz
        ejhonda
      • @ye: When talking about market share of Apple...

        ... you're not exactly talking small, considering they are in the top five of computer manufacturers and rising.
        Vulpinemac
      • Figure out the math

        @denisrs Why don't you crunch these numbers.

        "AC: There's usually about 600 or so of us spread around 14 centers for CPU support. Before this started happening, we had 7-12 minutes between calls generally. Now we're lucky to have any time between calls.

        We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender."

        Quote from you: "as you since from Edwards' interview, there are no absolute numbers of increased quantity of calls. With that quantity initially being small, having it increased even by "times", will not get really big. "

        Okay, a couple of things in these quotes. They used to have 7-12 minutes in between calls, and now they have almost no time in between calls. I would say that is as absolute as you can get in terms of increased call volume.

        60 calls about Mac Defender in 2 days. 30/day x 600 reps x (guessing with a constant number daily for a week) 7 = 126000 systems coming under attack from this. For considering that last quarter Apple shipped, what, 5 million Macs? So for 4 weeks/month * infections * 3 months = 1.5 million people calling in about this. 1.5 million is 30%. That is pretty substantial. Consider that the security people at Pwn 2 Own were able to install software on a Mac without Admin password, that is a seriously high infection rate that could occur.

        The call centers also only started getting calls about this 2-3 weeks ago and now they are up to 50% of calls being about this, versus ~0% 4 weeks ago. That is an enormous increase! If that keeps going up, you will have to wait a long time to get through to someone for AppleCare support.

        If a simple attack like this is enough to scare Mac users into flooding the call centers about issues, god help those representatives when malware that installs itself gets into the wild. I am pretty sure there are thousands of Mac users right now who are getting this scare who are having second thoughts about their cockiness about using a Mac because of the amount of malware compared to Windows. This is one attack. I have never heard of an attack against Windows where there was the possibility of a 30% attack rate from one attack alone.

        I pity the dumb Mac users who don't know anything about keeping your computer safe. But, as it has always been said, a computer is only as secure as the user. And most Mac users I have talked to think attacks on Macs are impossible. Even Apple stores don't recommend putting anti-virus on your Mac because it isn't required. Oh how that will be changing so soon.

        @Ed Bott Thank you for continuing with these articles. It is very interesting to see what the people on the other end of the phone line are experiencing as there are only a few Mac fanboys here who speak up and think they are smarter than everyone else.
        DanMandor
      • RE: An AppleCare support rep talks: Mac malware is

        denisrs -

        Would you rather be in a bunker and get shot at 1000 times like Windows or be standing in the open and get shot once?
        mswift@...