On May 2nd, we reported on a nefarious new security threat that had been detected by Mac antivirus and security developer Intego. The finding was "a rogue anti-malware program" dubbed MACDefender. According to a report from the agency, MACDefender attacks Macs via "SEO poisoning" assaults. (NOTE: The malware described here is in NO WAY affiliated with MacDefender, makers of popular geocaching software).
Unfortunately, not only has this security threat failed to disappear, it has secured the attention of Apple. Based on the findings of a stealthily obtained internal AppleCare document, the "MACDefender" software has attained the status within Apple as an "Issue/Investigation in Progress."
Simply put, Apple has notified its vast sea of support representatives that "AppleCare does not provide support for removal of the malware." So if a customer afflicted by MACDefender shows up or phones in looking for help, the speaking point is as follows: "Explain that Apple does not make recommendations for specific software to assist in removing malware. The customer can be directed to the Apple Online Store and the Mac App Store for antivirus software options."
According to the supposed guidelines contained within the leaked document, these bullet points are to be followed by Apple support reps when encountering an infected machine:
- Do not confirm or deny that any such software has been installed.
- Do not attempt to remove or uninstall any malware software.
- Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
- Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.
Requests for comment from Apple regarding MACDefender were not immediately granted.