Crying wolf? Apple support forums confirm malware explosion

Crying wolf? Apple support forums confirm malware explosion

Summary: A couple weeks ago, the proprietor of the world’s number-one Mac site accused me of crying wolf over predictions that Mac malware was around the corner. More than 200 visitors to Apple's support forums would disagree with him. Read the details.


On May 5, John Gruber, the proprietor of the world’s number-one Mac site, Daring Fireball, added my name to a long-running post titled Wolf! The quoted text was taken from my post, Coming Soon to a Mac Near You: Serious Malware.

Gruber’s point is that tech pundits and the makers of security software have been predicting this for years, and it hasn’t happened. But this time things really are different.

Earlier today, I posted an interview with an AppleCare rep who confirmed that this problem is getting worse, One commenter on that post expressed skepticism and even insinuated that I fabricated the interview:

Is it just me, or is this whole thing as sketchy as hell? So we're given to believe that some technical support representative at Apple has told him exactly what he wants to hear - the fact I've NEVER even seen this thing in the wild is just some weird fluke. But of course, we have to take this on trust, because the representative can't be named.

Of course I am not naming this rep, who would be fired in an instant for talking to me. But there is plenty of independent verification for anyone who cares to look.

Yesterday I spent several hours going through and collecting requests for help from Mac users who have been affected by this issue. I found more than 200 separate discussion threads, many of them from people who have been tricked into installing this software and are desperately trying to remove it. It started with four posts on April 30; this past weekend there were 42 unique, new discussion threads on this subject.

I am not unfamiliar with Apple’s forums. I’ve done similar searches in the past, especially after reading some of those same posts that Gruber called out from 2008. I have never found more than one or two in-the-wild reports. This time, the volume is truly exceptional.

(By the way, if you're dealing with this infection, you'll need these removal instructions.)

Let me share some quotes and some links with you.

This attack is nasty. Literally.

I have a virus -- **** sites keep popping up in the middle of what I'm doing. How do I get rid of this virus?

This morning my MacPro had a porn site on it. aghh. And now, in the middle of doing anything on my Mac, porn pops up. How do I get rid of it....specifically....step by step?

A macprotector was installed on my mac how do i get it off?

I was browsing a web site and all of a sudden a program called "macprotector" stalled on it's own and it ran a scan and afterwards told me that i had trojans an such of that nature. And during this time a new window opened up and opened to porn websites.

Porn sites keep popping up on my computer Help

Porn sites just started popping up on my MacBook Pro. Is this a virus? How do I stop this? Do I need anti virus software? Is so, what can I get to prevent this type of thing happening in the future. I have never had a virus on a Mac before and I have been using Macs for years. Please help!

Many victims think it’s an official update or a legit program.

One of the most despicable comments on my earlier post reflected a common blame-the-victim attitude: “So, I should get excited that some people are stupid enough to download a trojan? Not a virus, nor a worm, just a trojan and you have to be retarded to install it.” Classy. Here’s a sampling of what those Mac owners reported:

Can't remove an application or unwanted web sites.

I Can't remove an application that opens at startup and can't be closed; it can't be removed because it is in use. How can I can I bypass the normal startup without a boot disc, or how can I make a boot disc? This obnoxious software is call Mac Protector - anyone have experience with it? It says it is a virus scan (I thought it was a Apple product), and starts scanning automatically.

I just did something really stupid. How do you unintall something I just installed?

I was surfing looking for certain images for my 11 year old's school project. It went into a site that was very inopopreiate. All the sudden, Mac protector came on and I installed it thinking this is the way to protect my computer and now the image is keep popping up and I cannot erase it. I don't know how to install this. Will someone help me?

Totally lost mom.

How do I de-install the bogus mac defender?

Does anyone know how to de-install this bogus software? I nearly fell for it it was so real.

How to remove web pop ups

I just installed an MacProtector version 2.6 as an update and now rude websites are randomly popping out when my son was using the internet.

Page 2: Preying on the weak -->

<-- Previous page

It’s not easy for a nontechnical user to remove.

An "app" call MacProtector appeared. It does not appear in the Finder if I attempt to Force Quit and I can't trash it. How do I get ride of it?

How can I get rid of an app that does not appear in the Finder. It is called MacProtector and I foolishly accepted installation. I cannot Trash it because it is open and I cannot quit it because it doesn't appear in the Force Quit window.

Help - I have a virus & can't uninstall software!!

I got my Macbook Pro back last night and this morning I keep getting a message from a little red shield icon on the top "MacProtector" saying I have a virus and need to clean up my computer. I can't get rid of that icon or the message. I went into applications and it is there and tried the ctrl and selected but, can't put it in the trash. Now I am getting pop ups from unsavory sites. Please tell me what to do!!! I have all my stuff saved on a separate disc if I need to just start from square 1 - I have no problem doing that if it will make all that stuff go away!!!!

I have a little window and icon on my toolbar that says i'm infected. Tried everything and the nasty images that pop up are not only offensive but my kids also use my mac sometimes. Please help!

I saw an earlier post tried ClamXau and it says i'm clean but the messages still appear.

I have a virus/trojan that's still lingering after formatting my macbook twice!

Hi, so i downloaded parallels and now I have some kind of virus that's hiding somewhere in my macbook. i've erased my entire hard drive twice. Once where it's just the 'macintosh' partition and the other is the entire thing. it seems that this is only restoring it to factory settings because the virus is still causing a fake mackeeper advertisement pop up to keep appearing. i've tried using things like clamXav to try and find the problem but it looks as though this is pretty deeply rooted.

Apple won’t help.

Any free or good anti-malware software available?

my computer recently was attacked by malware. Apple support said to ask about anti-malware software on this venue.

help please. How can I remove malware from my computer? I keep getting this pop up Mac Protector it wants to charge me $59.95 to install, I know this is a scam because my computer is also pulling up porn signts

How can I remove this malware virus on my compter. I keep getting this pop up and it says my computer is infected and I need to instal this Mac Protector. It wants to charge me $59.95, i call the MAC store and they said this was fake. I asked how I could remove and they referred me to this website. Can anyone help , it is real annoying I keep getting these porn pop ups too.

Ironically, Gruber has a point when he talks about wolves. The people who distribute this crap are using exactly the same tactics that wolves use when hunting their prey:

The wolf is a carnivore, an animal suited for catching, killing and eating other creatures. Wolves prey primarily on large, hoofed mammals called ungulates.


All of these ungulates have adaptations for defense against wolves, including a great sense of smell, good hearing, agility, speed, and sharp hooves. As these prey are so well adapted to protecting themselves, wolves feed upon vulnerable individuals, such as weak, sick, old, or young animals, or healthy animals hindered by deep snow.

Technically sophisticated computer users are at little risk of falling for one of these scams, whether they use a Mac or a PC. You are very unlikely to find this software installed on my computer, or on John Gruber’s Mac. These wolves are unlikely to take down the most Mac-savvy ungulate of all, the Macalope.

But you might want to keep an eye on the weaker, more vulnerable members of your local herd.

Topics: Software, Apple, Hardware, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Crying wolf? Apple support forums confirm malware explosion

    Ed you seem to have got a little obsessed. As the Microsoft Report writer why is it suddenly your role to report Apple problems. Are there not enough Apple hacks on the site to do the job?

    You also have to be careful about claiming there is an "explosion" of malware. Trawling through the Apple forums to find some comments is what you'd normally deride as superficial speculation.
    • Maybe the Apple hacks will pretend it's not happening


      Instead telling us how safe Macs are?
      Will Pharaoh
      • That's what they've done so far.

        @Will Pharaoh: [i]Maybe the Apple hacks will pretend it's not happening[/i]

        Not a single blog from them yet.
      • it's pretty ovbious what the problem is - user gullability

        says it right here, on page2:

        "Technically sophisticated computer users are at little risk of falling for one of these scams, whether they use a Mac or a PC. You are very unlikely to find this software installed on my computer, or on John Gruber?s Mac."

        I honestly can't say I will NOT be working on a friend or neighbor's apple product to remove malware soon, not one of my click happy customers would be even able to navigate any OS that does not have a "start" button.
      • RE: Crying wolf? Apple support forums confirm malware explosion


        "Technically sophisticated computer users are at little risk..."

        So in other words MACs were never for the masses, only for technically gifted people like yourself?? Gee, and all along I thought that the purpose of manufacturing a computer system and OS was to sell them to as many people as possible and make a profit!!! Guess I didn't realize how misguided that thought process is!! Did Steve J get the memo??
      • crying FUD

        @Will Pharaoh
        ed, please, let go. we know how desperate you have become. nowadays your "microsoft report" is all about spreading as much FUD and nonsense about arch enemy apple as possible. please spare is the ridiculous bs. a trojan for the mac? wow. this is news? some poor schlot has installed a malicious program on his mac by giving his password? oh my. the sky is falling! 200 hundred threads! out of a few million. you gotta be kidding. i don't where you have any credibility left, but it surely is not outside IT doofus land.

        why not go back to your duty and "report" that it is much more affordable to spend a few hundred bucks on the latest edition of some random microsoft software than to use any of the free alternatives. after most of the paid microsoft bloggers have already jumped ship, there is only one left: the one and only ed. even mary-jo stopped with this mindless crusade.
        banned from zdnet again and again
      • not my quote


        I quoted the article, I think you misunderstood the point that this is a social engineering problem that is exposed via a web pop-up. Trust me when I tell you, there are people who are determined to bypass all security measures to install something they view as good but is indeed malware. I deal with a good amount of people who do this on a regular basis (let's call them "Joe Six-Pack") and 99% of them would not understand an OS aside from MS.

        You don't need to be technically gifted to realize, a pop-up window is telling me to install something - just have to have common sense and due diligence.
      • RE: Crying wolf? Apple support forums confirm malware explosion

        I'm honestly finding it difficult to follow your strange double-negative sentence structure and punctuation, but if you are saying that Apple Mac users are technically sophisticated, then I guess I would say:

        ha ha... hahahaha ... ha ... ha ...heh.... hahahahaha... hehehe..... *wipes tear from eye*
      • RE: Crying wolf? Apple support forums confirm malware explosion

        @Will Pharaoh Android was designed from the start so carriers and handset makers <a href="">konteyner</a> Server 2008 won?t limit the number of documents that can <a href="">prefabrik ev fiyatlar?</a>
    • Despite his blog's title,


      This is a serious problem. Rogue software like this can change and mutate in a matter of hours. With a great number of Macs <U>not</U> running anti-virus/Anti-malware software, this gives an oppertunity for the bad guys to continue finding new ways of propogating this rogue application without being stopped, which could lead to bigger problems.
      The one and only, Cylon Centurion
      • Sophos just released a white paper

        @Cylon Centurion .... which detailed some of these antivirus malware attacks. Not sure about the Mac version, but the report did mention that there are several variants that "transform" their own basecode every 60 seconds or so, thereby making it extremely difficult to detect by conventional (real) antivirus programs. This stuff is getting worse every week. We should just call seal team 6 and have them visit THAT compound too!!
      • Re: Dispite his blog's title,

        @Cylon Centurion: If there aren't Mac viruses, then where do I find a legitimate Mac anti-virus program? I might as well write a document with TextEdit that says, "Your computer is virus free!" and display it every so often.
      • Message has been deleted.

      • RE: Crying wolf? Apple support forums confirm malware explosion


        You should read up on your malware history. Malware like this can be copied and modified by just about anyone. The source code is floating around somewhere.

        This is where you get variants of similar programs.

        And without users running AV software, the malware has free reign. That's a scary thought should others modify the Mac Defender source code to do other things.
        The one and only, Cylon Centurion
      • RE: Crying wolf? Apple support forums confirm malware explosion

        Anyone looking for a mac antivirus solution, Norton and Computer Associates both have good solutions.
      • FUDware

        I read Ed's nonsense and until I hear anything official from Apple about this, this is nothing but FUDware.

        What is FUDware? It's a well orchestrated campaign of disinformation being posted on the internet in order to scare people into switching back to Micro$oft. Let's just hire a bunch of shills to come on the Apple forums and spread nonsense.

        It's well timed in the midst of a large advertizing campaign by Micro$oft in order to boost less than stellar growth of Windoze 7 sales.

        Not to mention the end of the Justice Department's antitrust decree over M$ that's been around for the last 13 years. We can't forget about that. I guess that now means that their deceitful practices have returned. Watch for future versions of IE to be built back into the OS again. Not to mention Bing crapware.

        Pathetic that 90% monopoly isn't good enough for them that they would have to resort to this to squeezing out the last 10% who want no part of their crap.
        blind obedience
      • Message has been deleted.

      • Message has been deleted.

        blind obedience
        • OHMYGAWD: " i've erased my entire hard drive twice"!!! WAAAAHAHAHAHAHAHA!!!

          "Only good surfing habits can save a user from this type of malicious software. And, no, it's not easy to learn and use these habits 100% of the time."

          What?!? Code that appears spontaneously and demands to be installed should be rejected without having to "learn" the appropriate reaction. If you don't know that already, you've probably got major life problems--like thinking that Fox is actual "news".

          "One of the most despicable comments on my earlier post reflected a common blame-the-victim attitude: 'So, I should get excited that some people are stupid enough to download a trojan? Not a virus, nor a worm, just a trojan and you have to be retarded to install it.' Classy."

          What exactly is despicable about this? You've got the dumbest 200 people on a non-technical forum declaring themselves incompetent to discern (a) code downloaded by the user from (b) malware that appears out of nowhere. These are people who consulted Apple support and came away not knowing how to (a) use Activity Monitor to close programs or (b) select Login Items to keep programs from opening !

          If you don't think formatting your hard drive AND RE-INSTALLING THE TROJAN T-W-I-C-E is an INSULT TO RETARDED PEOPLE, then we're going to have to agree to disagree.
      • RE: Crying wolf? Apple support forums confirm malware explosion

        @Cylon Centurion Trojan Horse software can't magically change and mutate "in a matter of hours", and in fact Trojan Horse software can't even use your computer to "infect" others. All Trojan Horse software does is try to trick people into running their installer. Once the user types in their password to give permission to bypass security, anti-virus software cannot protect the users. All OSs are vulnerable to Trojan Horse software, and the only "cure" is to educate users not to install random software from untrusted sources.

        Trojan Horses aren't particularly new - they've been around since the 70's. But they aren't particularly dangerous, since they can't spread to infect new computers the way viruses can. So while a virus can hit millions of computers, Trojan Horses only affect a fairly small number of people, who hopefully learn from the experience not to run random, untrusted software.