The memo, dated May 16, 2011, instructs AppleCare support staff how to react if a Mac users calls about possible infection of the Mac Defender malware, which displays a web pop-up telling a user that his or her Mac has been infected by a virus and to install bogus anti-virus software. If the user installs the software, the program loads porn sites on the computer.
Bott, who was the first to spot complaints about the malware in Apple’s support forums, said that he counted 200 posts from users asking for help to remove the bogus software.
According to the Apple memo, there are two resolution paths that AppleCare representatives can take when users call about Mac Defender. If the user says he or she has not yet installed the bogus software, representatives are instructed to suggest that the user quit the installer and delete the software immediate.
“AppleCare does not provide support for removal of the malware. You should not confirm or deny whether the customer’s Mac is infected or not”, the memo says.
If the user says he or she has already installed the software, Apple provides support staff with a number of guidelines.
“Important: Apple does not provide support or assistance in removal or diagnosis of malware. If the customer’s Apple product is eligible for support, advisors should determine that the Apple product is working properly by isolating the issue and ruling out issues with Apple product”, the memo states.
Apple advises support staff to make sure Mac OS X is up-to-date and all available security updates have been installed, direct the customer to the Help document “What is Malware?”, and then explain to the customer that “Apple does not make recommendations for specific software to assist in removing malware.”
Then, Apple provides four “important” bullet points for the support staff:
- Do not confirm or deny that any such software has been installed.
- Do not attempt to remove or uninstall any malware software.
- Do not send any escalations or contact Tier 2 for support about removing the software, or provide impact data.
- Do not refer customers to the Apple Retail Store. The ARS does not provide any additional support for malware.
Apparently, AppleCare really doesn’t care about helping Mac users with malware on their machines. Apple did not return Infosecurity’s phone call asking for comment on the memo and the Mac Defender malware.
Karel Obluk, chief scientist at internet security company AVG, was willing to comment: "After the recent discovery of a malware toolkit for Apple's OS X, it's clear that usage of the platform has reached a critical level, at which it has become a profitable target for malware developers. This marks a watershed in OS X's user experience, after which users will have to be more vigilant about their security online, and will need to take actions to protect themselves against online threats.”
Obluk added, "For Apple, it's time to admit that there are threats to OS X users, and to start educating its customers on how to avoid them. Avoiding the issue is an unacceptable abdication of its duty to its customers."