Dear Apple: Welcome to team anti-malware

It was brought to my attention today that you’ve now published a knowledge base article explaining how to remove the prolific MacDefender fake security software and its various iterations.

While I cannot speak on behalf of an entire industry, I think all of us welcome you with open arms to the team tasked with helping the computer-using community stay safe online.

I have to admit though, I am a bit confused by your terminology.

You state in your article:

“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus.”

In our business, phishing has a very specific definition. According to Wikipedia, the agreed-upon definition of phishing is:

phish·ing /ˈfiSHiNG/
Noun: The fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal information, such as credit-card numbers, online.

We have observed that most users are being infected through malicious web pages that are turning up in Google Image searches. The malicious web pages display a fake security scanner convincing the victim to load a program that is in fact malware.

While I can see how you might consider this to be a phishing attack, we usually use that term when the attack is purely social and is trying to acquire your credentials. If it involves social engineering and malicious code we call it a Trojan.

Wikipedia defines a Trojan as:

“A Trojan horse, or Trojan, is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system.”

It is also a bit strange that you don’t recommend that people run an anti-virus program when they have been infected or attacked by malicious code. Perhaps it might be prudent to refer people encountering malware on their Macs to your documentation?

It’s great to have you as a partner in our fight against cybercrime, and we hope you continue your commitment to keeping your customers safe online.

Be cautious, question everything and enjoy your internet experience.

Update: As happens, I didn’t consider that Wikipedia is a moving target, so choosing them for definitions wasn’t the smartest thing I’ve done. The quotes above were true at the time of writing.