Apple has instructed employees taking calls from Apple Care customers not to help them remove the Mac Defender malware, according to a leaked document.
An internal memo, published on ZD Net, explains that:
AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not.
Reps are told that they can help only if Mac Defender has been downloaded but not installed, at which point they should tell the customer to ‘quit the installer and delete the software immediately.’
The document also explains that support workers should not refer customers to Apple retail stores or escalate the issue. Instead, they’re told to refer customers to Apple’s online store and the App Store to buy anti-malware software, though they’re told not to recommend specific titles.
A support rep contacted by ZD Net explained that in the last week, 50% of the calls to the centre in which he works have been about Mac Defender.
We started getting a trickle of calls a couple weeks ago. However, this last week over 50% of our calls have been about it. In two days last week I personally took 60 calls that referred to Mac Defender.
He also explained what happens if support workers try to help distressed callers:
Our on-floor managers and QA guys do their best to let it slide, but if they start getting pushed from higher-ups, we could face write-ups and even termination.
Mac Defender is known by at least one other name, Mac Security, and there are likely to be more versions with different names. In addition, the Apple support worker explained that if a customer does get as far as entering card details, they are likely to be refused, so that they enter details of another card, and another, until the hackers have several sets of card details.
Mac Defender and its variants rely on a user entering an admin password to enable them to install it. If you do encounter it and find it downloading itself, don’t enter your password when asked. Instead, quit the installer and delete the .zip archive. Once installed, the app is no harder to remove than any other; it’s just an app, not a virus infection. Quit the app (if necessary, force-quit by right-clicking its Dock icon or via Activity Monitor), remove the app from Login Items in System Preferences, drag the app itself out of your Applications folder to the Trash, and restart your Mac.
Tagged as:
apple care,
mac defender,
Trojan
For more breaking news and reviews, subscribe to
MacUser magazine. We'll give you
three issues for £1
Reviews
We'd like to think this is Tim Cook doing Gangnam Style and the audience just staring at him http://t.co/Pi1ApLah
RT @macusermagazine: We'd like to think this is Tim Cook doing Gangnam Style and the audience just staring at him http://t.co/Pi1ApLah
@macusermagazine Caption : "So I had Forstall by the throat, and Browett just stood there..."
Apple closes its eyes, puts its fingers in its ears, and pretends Mac Defender doesn’t exist
by Kenny Hemphill on May 19, 2011
Apple has instructed employees taking calls from Apple Care customers not to help them remove the Mac Defender malware, according to a leaked document.
An internal memo, published on ZD Net, explains that:
Reps are told that they can help only if Mac Defender has been downloaded but not installed, at which point they should tell the customer to ‘quit the installer and delete the software immediately.’
The document also explains that support workers should not refer customers to Apple retail stores or escalate the issue. Instead, they’re told to refer customers to Apple’s online store and the App Store to buy anti-malware software, though they’re told not to recommend specific titles.
A support rep contacted by ZD Net explained that in the last week, 50% of the calls to the centre in which he works have been about Mac Defender.
He also explained what happens if support workers try to help distressed callers:
Mac Defender is known by at least one other name, Mac Security, and there are likely to be more versions with different names. In addition, the Apple support worker explained that if a customer does get as far as entering card details, they are likely to be refused, so that they enter details of another card, and another, until the hackers have several sets of card details.
Mac Defender and its variants rely on a user entering an admin password to enable them to install it. If you do encounter it and find it downloading itself, don’t enter your password when asked. Instead, quit the installer and delete the .zip archive. Once installed, the app is no harder to remove than any other; it’s just an app, not a virus infection. Quit the app (if necessary, force-quit by right-clicking its Dock icon or via Activity Monitor), remove the app from Login Items in System Preferences, drag the app itself out of your Applications folder to the Trash, and restart your Mac.
Tagged as: apple care, mac defender, Trojan