Apple Issues Advisory For Mac Defender Phishing Attack

In what has been up until now unchartered territory, Apple admitted that the recent onslaught of MacDefender malware is a threat to its Mac OS X platform and offered a temporary workaround to mitigate the problem.

Apple issued an advisory Tuesday, warning users about a new strain of Mac Defender malware , also known as Mac Defender scareware, a phishing scam that targets users by redirecting them to fake antivirus Web sites that download malicious code onto users' Macs. The admission and subsequent advisory represented a stark about-face from the Cupertino-based company's previous directive that prohibited support staff from offering help to users calling for assistance after becoming infected with the MacDefender malware.

During the phishing attack, Mac users are subjected to a link or pop-up directing them to a fake antivirus site. The site then purports to conduct a scan, and then falsely determines that their machine is infected with a virus. The scammers then offer the Mac Defender fake antivirus software in order to resolve the issue.

In reality, however, the download installs bogus software on the user's Mac, designed to elicit credit card credentials from users who think they're paying for antivirus.

The attack swept through users' Macs last week, pummeling thousands of users and flummoxing Apple helpdesk personnel ill-equipped to deal with the onslaught of calls associated with the Mac Defender scareware.

Security experts said the Mac Defender phishing scam was identical to fake antivirus attacks targeting the Windows platform.

"It's exactly identical to the Windows-based version, said David Perry, director of global education at Trend Micro. "There's no real malware. This isn't going to destroy any data. The end goal for these (scammers) is to get you to pay for fake antivirus."

In its advisory, Apple said that it planned to release a security update remediating Mac Defender malware from Mac OS X.

"In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove MacDefender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware," Apple said in its advisory.

However, Apple offered detailed steps for removing the scareware, as well as several security best practices, until the company could develop and release a fix.

In its advisory, Apple recommended that users immediately close their Safari browser if they receive any notification about viruses or solicitations for Mac Defender security software. If the malware prevents users from closing their browser, Apple said that they should apply the Force Quit function.

Apple added that users should delete the installer and avoid entering any administrative passwords if the browser automatically downloaded the malware and launched the installer. Should malware be installed, Apple advised users to follow the given instructions, while instructing them to "not provide your credit card information under any circumstances," Apple said.

Apple's advisory shortly follows after the company reportedly barred its support staff from suggesting to users that they could be infected with Mac Defender scareware or offering help.

Next: Security Experts Weigh In On Mac Defender Response

According to a ZDNet blog, the division handling Mac support calls is estimated to have received anywhere between 60,000 to 125,000 calls from users infected by Mac Defender scareware.

In the published memo, which ZDNet said was acquired from an outsourced support company, Apple reportedly prohibited its help desk personnel from showing the customers how to force quit Safari on a Mac Defender call, how to remove it from the Login items, and how to stop the process of Mac Defender in their Activity Monitor, while explicitly forbidding support staff from referring the customer to any forums or discussion board for resolution.

The memo did contain a provision allowing help desk support to recommend several third party antivirus programs for the affected users' to consider.

Apple did not immediately respond to requests for confirmation from CRN.

Trend Micro's Perry said that until now, Apple was relatively green at dealing with widespread security issues and attacks targeting its platform. This incident could set a president for the way Apple handles' malware attacks in the future, he added.

"The first time somebody gets hit with something like this, it takes them a while to pull themselves up from their bootstraps and deal with it. The first thing people do is panic and sweep it under the carpet. There're all kinds of human emotions that come into play," Perry said. "There is an absolute certainty that this is going to be a template job for the rest of the 21st century -- explaining to people how you got hacked."

Meanwhile, other security experts took a more critical stance, criticizing Apple for its alleged hands-off approach to dealing with the Mac Defender problem.

"Apple's famous PR savvy apparently doesn’t apply to handling security incidents. It is genuinely tragic that such a large number of OS X user are falling victim to this scam, and Apple's response is less than helpful," said Chester Wisniewski, senior security adviser at Sophos, in a blog post. "You could argue that Apple created this false sense of security through their marketing and advertisements suggesting Apple users are immune to security threats. Now that some of their flock are affected, it would be good of them to at least point people in the right direction."