Crying wolf? Apple support forums confirm malware explosion

On May 5, John Gruber, the proprietor of the world’s number-one Mac site, Daring Fireball, added my name to a long-running post titled Wolf! The quoted text was taken from my post, Coming Soon to a Mac Near You: Serious Malware.

Gruber’s point is that tech pundits and the makers of security software have been predicting this for years, and it hasn’t happened. But this time things really are different.

Earlier today, I posted an interview with an AppleCare rep who confirmed that this problem is getting worse, One commenter on that post expressed skepticism and even insinuated that I fabricated the interview:

Is it just me, or is this whole thing as sketchy as hell? So we're given to believe that some technical support representative at Apple has told him exactly what he wants to hear - the fact I've NEVER even seen this thing in the wild is just some weird fluke. But of course, we have to take this on trust, because the representative can't be named.

Of course I am not naming this rep, who would be fired in an instant for talking to me. But there is plenty of independent verification for anyone who cares to look.

Yesterday I spent several hours going through discussions.apple.com and collecting requests for help from Mac users who have been affected by this issue. I found more than 200 separate discussion threads, many of them from people who have been tricked into installing this software and are desperately trying to remove it. It started with four posts on April 30; this past weekend there were 42 unique, new discussion threads on this subject.

I am not unfamiliar with Apple’s forums. I’ve done similar searches in the past, especially after reading some of those same posts that Gruber called out from 2008. I have never found more than one or two in-the-wild reports. This time, the volume is truly exceptional.

(By the way, if you're dealing with this infection, you'll need these removal instructions.)

Let me share some quotes and some links with you.

This attack is nasty. Literally.

I have a virus -- **** sites keep popping up in the middle of what I'm doing. How do I get rid of this virus?

This morning my MacPro had a porn site on it. aghh. And now, in the middle of doing anything on my Mac, porn pops up. How do I get rid of it....specifically....step by step?

A macprotector was installed on my mac how do i get it off?

I was browsing a web site and all of a sudden a program called "macprotector" stalled on it's own and it ran a scan and afterwards told me that i had trojans an such of that nature. And during this time a new window opened up and opened to porn websites.

Porn sites keep popping up on my computer Help

Porn sites just started popping up on my MacBook Pro. Is this a virus? How do I stop this? Do I need anti virus software? Is so, what can I get to prevent this type of thing happening in the future. I have never had a virus on a Mac before and I have been using Macs for years. Please help!

Many victims think it’s an official update or a legit program.

One of the most despicable comments on my earlier post reflected a common blame-the-victim attitude: “So, I should get excited that some people are stupid enough to download a trojan? Not a virus, nor a worm, just a trojan and you have to be retarded to install it.” Classy. Here’s a sampling of what those Mac owners reported:

Can't remove an application or unwanted web sites.

I Can't remove an application that opens at startup and can't be closed; it can't be removed because it is in use. How can I can I bypass the normal startup without a boot disc, or how can I make a boot disc? This obnoxious software is call Mac Protector - anyone have experience with it? It says it is a virus scan (I thought it was a Apple product), and starts scanning automatically.

I just did something really stupid. How do you unintall something I just installed?

I was surfing looking for certain images for my 11 year old's school project. It went into a site that was very inopopreiate. All the sudden, Mac protector came on and I installed it thinking this is the way to protect my computer and now the image is keep popping up and I cannot erase it. I don't know how to install this. Will someone help me?

Totally lost mom.

How do I de-install the bogus mac defender?

Does anyone know how to de-install this bogus software? I nearly fell for it it was so real.

How to remove web pop ups

I just installed an MacProtector version 2.6 as an update and now rude websites are randomly popping out when my son was using the internet.

Page 2: Preying on the weak -->

<-- Previous page

It’s not easy for a nontechnical user to remove.

An "app" call MacProtector appeared. It does not appear in the Finder if I attempt to Force Quit and I can't trash it. How do I get ride of it?

How can I get rid of an app that does not appear in the Finder. It is called MacProtector and I foolishly accepted installation. I cannot Trash it because it is open and I cannot quit it because it doesn't appear in the Force Quit window.

Help - I have a virus & can't uninstall software!!

I got my Macbook Pro back last night and this morning I keep getting a message from a little red shield icon on the top "MacProtector" saying I have a virus and need to clean up my computer. I can't get rid of that icon or the message. I went into applications and it is there and tried the ctrl and selected but, can't put it in the trash. Now I am getting pop ups from unsavory sites. Please tell me what to do!!! I have all my stuff saved on a separate disc if I need to just start from square 1 - I have no problem doing that if it will make all that stuff go away!!!!

I have a little window and icon on my toolbar that says i'm infected. Tried everything and the nasty images that pop up are not only offensive but my kids also use my mac sometimes. Please help!

I saw an earlier post tried ClamXau and it says i'm clean but the messages still appear.

I have a virus/trojan that's still lingering after formatting my macbook twice!

Hi, so i downloaded parallels and now I have some kind of virus that's hiding somewhere in my macbook. i've erased my entire hard drive twice. Once where it's just the 'macintosh' partition and the other is the entire thing. it seems that this is only restoring it to factory settings because the virus is still causing a fake mackeeper advertisement pop up to keep appearing. i've tried using things like clamXav to try and find the problem but it looks as though this is pretty deeply rooted.

Apple won’t help.

Any free or good anti-malware software available?

my computer recently was attacked by malware. Apple support said to ask about anti-malware software on this venue.

help please. How can I remove malware from my computer? I keep getting this pop up Mac Protector it wants to charge me $59.95 to install, I know this is a scam because my computer is also pulling up porn signts

How can I remove this malware virus on my compter. I keep getting this pop up and it says my computer is infected and I need to instal this Mac Protector. It wants to charge me $59.95, i call the MAC store and they said this was fake. I asked how I could remove and they referred me to this website. Can anyone help , it is real annoying I keep getting these porn pop ups too.

Ironically, Gruber has a point when he talks about wolves. The people who distribute this crap are using exactly the same tactics that wolves use when hunting their prey:

The wolf is a carnivore, an animal suited for catching, killing and eating other creatures. Wolves prey primarily on large, hoofed mammals called ungulates.

[…]

All of these ungulates have adaptations for defense against wolves, including a great sense of smell, good hearing, agility, speed, and sharp hooves. As these prey are so well adapted to protecting themselves, wolves feed upon vulnerable individuals, such as weak, sick, old, or young animals, or healthy animals hindered by deep snow.

Technically sophisticated computer users are at little risk of falling for one of these scams, whether they use a Mac or a PC. You are very unlikely to find this software installed on my computer, or on John Gruber’s Mac. These wolves are unlikely to take down the most Mac-savvy ungulate of all, the Macalope.

But you might want to keep an eye on the weaker, more vulnerable members of your local herd.