Crying wolf? Apple support forums confirm malware explosion

By Ed Bott | May 18, 2011, 11:00am PDT

Summary: A couple weeks ago, the proprietor of the world’s number-one Mac site accused me of crying wolf over predictions that Mac malware was around the corner. More than 200 visitors to Apple’s support forums would disagree with him. Read the details.

On May 5, John Gruber, the proprietor of the world’s number-one Mac site, Daring Fireball, added my name to a long-running post titled Wolf! The quoted text was taken from my post, Coming Soon to a Mac Near You: Serious Malware.

Gruber’s point is that tech pundits and the makers of security software have been predicting this for years, and it hasn’t happened. But this time things really are different.

Earlier today, I posted an interview with an AppleCare rep who confirmed that this problem is getting worse. One commenter on that post expressed skepticism and even insinuated that I fabricated the interview:

Is it just me, or is this whole thing as sketchy as hell? So we’re given to believe that some technical support representative at Apple has told him exactly what he wants to hear - the fact I’ve NEVER even seen this thing in the wild is just some weird fluke. But of course, we have to take this on trust, because the representative can’t be named.

Of course I am not naming this rep, who would be fired in an instant for talking to me. But there is plenty of independent verification for anyone who cares to look.

Yesterday I spent several hours going through discussions.apple.com and collecting requests for help from Mac users who have been affected by this issue. I found more than 200 separate discussion threads, many of them from people who have been tricked into installing this software and are desperately trying to remove it. It started with four posts on April 30; this past weekend there were 42 unique, new discussion threads on this subject.

I am not unfamiliar with Apple’s forums. I’ve done similar searches in the past, especially after reading some of those same posts that Gruber called out from 2008. I have never found more than one or two in-the-wild reports. This time, the volume is truly exceptional.

(By the way, if you’re dealing with this infection, you’ll need these removal instructions.)

Let me share some quotes and some links with you.

This attack is nasty. Literally.

I have a virus — **** sites keep popping up in the middle of what I’m doing. How do I get rid of this virus?

This morning my MacPro had a porn site on it. aghh. And now, in the middle of doing anything on my Mac, porn pops up. How do I get rid of it….specifically….step by step?

A macprotector was installed on my mac how do I get it off?

I was browsing a web site and all of a sudden a program called “macprotector” stalled on its own and it ran a scan and afterwards told me that I had trojans and such of that nature. And during this time a new window opened up and opened to porn websites.

Porn sites keep popping up on my computer Help

Porn sites just started popping up on my MacBook Pro. Is this a virus? How do I stop this? Do I need anti virus software? If so, what can I get to prevent this type of thing happening in the future? I have never had a virus on a Mac before and I have been using Macs for years. Please help!

Many victims think it’s an official update or a legit program.

One of the most despicable comments on my earlier post reflected a common blame-the-victim attitude: “So, I should get excited that some people are stupid enough to download a trojan? Not a virus, nor a worm, just a trojan and you have to be retarded to install it.” Classy. Here’s a sampling of what those Mac owners reported:

Can’t remove an application or unwanted web sites.

I can’t remove an application that opens at startup and can’t be closed; it can’t be removed because it is in use. How can I bypass the normal startup without a boot disc, or how can I make a boot disc? This obnoxious software is called Mac Protector - anyone have experience with it? It says it is a virus scan (I thought it was an Apple product), and starts scanning automatically.

I just did something really stupid. How do you uninstall something I just installed?

I was surfing looking for certain images for my 11 year old’s school project. It went into a site that was very inappropriate. All of a sudden, Mac protector came on and I installed it thinking this is the way to protect my computer and now the image keeps popping up and I cannot erase it. I don’t know how to install this. Will someone help me?

Totally lost mom.

How do I de-install the bogus mac defender?

Does anyone know how to de-install this bogus software? I nearly fell for it it was so real.

How to remove web pop ups

I just installed a MacProtector version 2.6 as an update and now rude websites are randomly popping out when my son was using the internet.

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications.

Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books are currently distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMWare. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

Talkback Most Recent of 286 Talkback(s)

  • RE: Crying wolf? Apple support forums confirm malware explosion
    Ed, you seem to have got a little obsessed. As the Microsoft Report writer, why is it suddenly your role to report Apple problems? Are there not enough Apple hacks on the site to do the job?

    You also have to be careful about claiming there is an "explosion" of malware. Trawling through the Apple forums to find some comments is what you'd normally deride as superficial speculation.
    martin23
    18th May
  • Maybe the Apple hacks will pretend it's not happening
    @martin23

    Instead of telling us how safe Macs are?
    Will Pharaoh
    18th May
  • That's what they've done so far.
    @Will Pharaoh: Maybe the Apple hacks will pretend it's not happening

    Not a single blog from them yet.
    ye
    18th May
  • it's pretty obvious what the problem is - user gullibility
    says it right here, on page2:

    "Technically sophisticated computer users are at little risk of falling for one of these scams, whether they use a Mac or a PC. You are very unlikely to find this software installed on my computer, or on John Gruber's Mac."

    I honestly can't say I will NOT be working on a friend or neighbor's apple product to remove malware soon, not one of my click happy customers would be even able to navigate any OS that does not have a "start" button.
    ~doolittle~
    18th May
  • RE: Crying wolf? Apple support forums confirm malware explosion
    @doolittle

    "Technically sophisticated computer users are at little risk..."

    So in other words MACs were never for the masses, only for technically gifted people like yourself?? Gee, and all along I thought that the purpose of manufacturing a computer system and OS was to sell them to as many people as possible and make a profit!!! Guess I didn't realize how misguided that thought process is!! Did Steve J get the memo??
    jimsj
    18th May
  • crying FUD
    @Will Pharaoh
    ed, please, let go. we know how desperate you have become. nowadays your "microsoft report" is all about spreading as much FUD and nonsense about arch enemy apple as possible. please spare us the ridiculous bs. a trojan for the mac? wow. this is news? some poor schlot has installed a malicious program on his mac by giving his password? oh my. the sky is falling! 200 hundred threads! out of a few million. you gotta be kidding. i don't know where you have any credibility left, but it surely is not outside IT doofus land.

    why not go back to your duty and "report" that it is much more affordable to spend a few hundred bucks on the latest edition of some random microsoft software than to use any of the free alternatives. after most of the paid microsoft bloggers have already jumped ship, there is only one left: the one and only ed. even mary-jo stopped with this mindless crusade.
    banned from zdnet again and again
    18th May
  • not my quote
    @jimsj

    I quoted the article, I think you misunderstood the point that this is a social engineering problem that is exposed via a web pop-up. Trust me when I tell you, there are people who are determined to bypass all security measures to install something they view as good but is indeed malware. I deal with a good amount of people who do this on a regular basis (let's call them "Joe Six-Pack") and 99% of them would not understand an OS aside from MS.

    You don't need to be technically gifted to realize, a pop-up window is telling me to install something - just have to have common sense and due diligence.
    ~doolittle~
    19th May
  • RE: Crying wolf? Apple support forums confirm malware explosion
    @doolittle
    I'm honestly finding it difficult to follow your strange double-negative sentence structure and punctuation, but if you are saying that Apple Mac users are technically sophisticated, then I guess I would say:

    ha ha... hahahaha ... ha ... ha ...heh.... hahahahaha... hehehe..... *wipes tear from eye*
    Traxxion
    20th May
  • Despite his blog's title,
    @martin23

    This is a serious problem. Rogue software like this can change and mutate in a matter of hours. With a great number of Macs not running anti-virus/Anti-malware software, this gives an opportunity for the bad guys to continue finding new ways of propagating this rogue application without being stopped, which could lead to bigger problems.
    Cylon Centurion
    18th May
  • Sophos just released a white paper
    @Cylon Centurion .... which detailed some of these antivirus malware attacks. Not sure about the Mac version, but the report did mention that there are several variants that "transform" their own basecode every 60 seconds or so, thereby making it extremely difficult to detect by conventional (real) antivirus programs. This stuff is getting worse every week. We should just call seal team 6 and have them visit THAT compound too!!
    rock06r
    18th May
  • Re: Despite his blog's title,
    @Cylon Centurion: If there aren't Mac viruses, then where do I find a legitimate Mac anti-virus program? I might as well write a document with TextEdit that says, "Your computer is virus free!" and display it every so often.
    Relayman5C
    18th May
  • i8thecat
    19th May
  • RE: Crying wolf? Apple support forums confirm malware explosion
    @i8thecat

    You should read up on your malware history. Malware like this can be copied and modified by just about anyone. The source code is floating around somewhere.

    This is where you get variants of similar programs.

    And without users running AV software, the malware has free rein. That's a scary thought should others modify the Mac Defender source code to do other things.
    Cylon Centurion
    18th May
  • RE: Crying wolf? Apple support forums confirm malware explosion
    Anyone looking for a mac antivirus solution, Norton and Computer Associates both have good solutions.
    snoop0x7b
    18th May
