OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

← Back to Stories (view on slashdot.org)

OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

Posted by timothy on Tuesday July 16, 2013 @04:11AM from the receipt-is-useless dept.

An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

173 comments

Min score:

Reason:

Sort:

Ok? by i+kan+reed · 2013-07-16 04:14 · Score: 4, Insightful

I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?
1. Re:Ok? by Anonymous Coward · 2013-07-16 04:19 · Score: 2, Funny
  
  Apple never have bugs, everything is perfect. Move along now, citizen.
2. Re:Ok? by Anonymous Coward · 2013-07-16 04:20 · Score: 2, Funny
  
  You know the "x on the internet" effect in which it is somehow more novel than x by itself?
  Well "x on a mac" effect is even worse.
3. Re:Ok? by SSpade · 2013-07-16 04:21 · Score: 5, Informative
  
  It's not malware. It's just a webpage.
  Gullibility isn't OS-specific.
4. Re:Ok? by Anonymous Coward · 2013-07-16 04:34 · Score: 3, Funny
  
  Don't let the patent office hear that.
5. Re:Ok? by interkin3tic · 2013-07-16 04:36 · Score: 1
  
  A few weeks ago, the computer in my lab that is connected to two somewhat expensive bits of equipment came down with this. That was more surprising to me. It's connected to the gel imager and is in a common area. People put agarose gels in the imager and then forget to take off their gloves to use the computer. The keyboard is probably covered in ethidium bromide. Why someone would be watching porn on it is beyond me.
  
  I guess on the bright side, semen being on the keyboard isn't a huge concern compared to the EtBr, but the ransomware prevented some people from doing their research. It said we could unlock it and avoid prosecution by paying $300 at the local CVS. I guess that sounds like a good deal to some people, possibly the person who was jerking off with carcinogens.
6. Re:Ok? by SJHillman · 2013-07-16 04:37 · Score: 1
  
  Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.
7. Re:Ok? by Samantha+Wright · 2013-07-16 05:28 · Score: 2, Insightful
  
  ...well, there's a pretty simple way to check whether or not your fears are founded. Just shine a UV lamp on the keyboard and examine the shapes of the stains. This is like the forensic chemistry equivalent of a textbook physics problem set in a textbook factory.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
8. Re:Ok? by fazey · 2013-07-16 05:28 · Score: 1
  
  Depends on the payload really. I dont know the details of the exploit, but if it requires dumping shellcode... that would make it OS specific.
9. Re:Ok? by Rosyna · 2013-07-16 05:33 · Score: 5, Informative
  
  there's no payload and no exploit involved. it's just a webpage that opens another webpage when you try to close it.
10. Re:Ok? by fazey · 2013-07-16 06:25 · Score: 4, Insightful
  
  So how is this "mac specific" or an "exploit"... and not just... a popup?
11. Re:Ok? by tlhIngan · 2013-07-16 07:03 · Score: 2, Informative
  
  Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.
  It was demonstrated on Safari, but apparently it works on Chrome as well. And I'd say it'll probably work on Firefox too.
  It's especially annoying since the browser helpfully restores your last session when they crash, so this site and its 150 popups make it persistent indeed.
12. Re:Ok? by Gr8Apes · 2013-07-16 07:33 · Score: 4, Informative
  
  and easy enough to kill by disabling JS
  
  --
  The cesspool just got a check and balance.
13. Re:Ok? by Anonymous Coward · 2013-07-16 07:39 · Score: 0
  
  its 150 pop ups to be exact. once you close them all, then its back to normal.
14. Re:Ok? by interkin3tic · 2013-07-16 08:36 · Score: 1
  
  I could, but I'm just going to continue wearing nitrile gloves and assume there's semen and ethidium bromide all it and everything else in the lab.
15. Re:Ok? by terrab0t · 2013-07-16 08:56 · Score: 1
  
  Based on another article I read, it only works in the Safari browser.
16. Re:Ok? by jbolden · 2013-07-16 10:08 · Score: 1
  
  Exactly my first thought. This isn't malware there is nothing particularly OS X about it.
17. Re:Ok? by Anonymous Coward · 2013-07-16 12:31 · Score: 0
  
  That's it! I've had it... I cannot take any more. I quit computers.
18. Re:Ok? by mjwx · 2013-07-16 14:23 · Score: 1
  
  I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?
  But this isn't malware... Or so the OSX fanboys say every time these things come up.
  
  After that, they blame the user with one side of their mouth whilst blaming Windows for the problems of windows users with the other side. So really the fact we like seeing obnoxious OSX users stew in their own cognitive dissonance is the reason we keep seeing these stories. It's like watching a hobo fight with himself from a safe distance.
  
  But really, all OS have long passed being the primary vulnerability for any system. Realistically they never were the biggest vulnerability. The user has always been the biggest security hole. The reason we're seeing more user target malware on OSX is simply because there are more users on that platform now. Malware has always been a numbers game, whether doing it for profit or street cred and for a long time the only thing protecting OSX users was the low numbers on that platform and it's time for OSX users to admit this (then start teaching themselves basic malware self preservation measures like not installing candy from strangers). Even Linux benefits from a small user base a bit even though it's pretty well targeted as a lot of critical infrastructure runs on it, very few home users do (so practically no soft targets) so few bother writing ransomware for it.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
19. Re:Ok? by Plumpaquatsch · 2013-07-16 21:56 · Score: 1
  
  I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?
  But this isn't malware... Or so the OSX fanboys say every time these things come up.
  Sure, this is malware - but it is not OS X specific malware. It's just Javascript running on all browsers with Javascript, nothing specific to a Mac.
  Get that into your thick skull already, Hateboy, or do you want to prove just how dumb a Hatboy can be?
  
  --
  Of course news about a fake are Fake News.
20. Re:Ok? by mpeskett · 2013-07-17 11:20 · Score: 1
  
  It partially works in other browsers. I've seen this page with Firefox in Linux - when you attempt to close the page it pulls the same trick of catching the event and springing a dialog on you that returns you back to the page, but on the second one Firefox offers a "stop this page from doing that again" option to break the loop.
  Sounds like Safari is just overly stupid in its handling of it. Not offering a way to say no to on-close dialogs, and restoring you back to the same URL after a crash. I've not used Safari to know how those features work (maybe they're more sensible than the reporting suggests), but the way its reported sounds failful even without deliberate exploitation - if a page just crashed your browser you should have an option to choose not to just load it back up again.
Porn parity by Anonymous Coward · 2013-07-16 04:16 · Score: 0

At long last, porn parity for the Mac true believers.
Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 04:18 · Score: 0, Troll

I'm not saying Mac OS X has more viruses than Windows, but almost every Mac user I know has this pretentious attitude that they're invulnerable just by virtue of running Mac OS X. Maybe this will help pound some sense into them.
1. Re:Not so Invulnerable now, huh...? by acariquara · 2013-07-16 04:22 · Score: 2
  
  2003 called, they wanted their scaremongering back.
  If you use OSX and practice safe computing (that means NO JAVA FOR YOU), then yea, you're tough as nails to crack. No OS is idiot-proof, though.
  The same can't be said for many variants of Windows, especially those still using XP where inserting an infected thumb drive will wreck havoc on your system, hell no, on your entire enterprise network.
  
  --
  Dear aunt, let's set so double the killer delete select all
2. Re:Not so Invulnerable now, huh...? by MachineShedFred · 2013-07-16 04:24 · Score: 5, Funny
  
  This isn't malware. It's a javascript on a web page.
  Calling this malware is like calling a firecracker a weapon of mass destruction.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
3. Re:Not so Invulnerable now, huh...? by Holi · 2013-07-16 04:24 · Score: 1
  
  What good does anti-virus software even do. Every machine I have come across that is infected has an up to date av package on it. It doesn't even slow down an infection anymore.
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
4. Re:Not so Invulnerable now, huh...? by war4peace · 2013-07-16 04:25 · Score: 1
  
  If your 2013 enterprise network is vulnerable to infection spread from a Windows XP machine... trust me, the cause isn't that an unpatched Windows XP installation caught a cough.
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
5. Re:Not so Invulnerable now, huh...? by flyingfsck · 2013-07-16 04:29 · Score: 1, Flamebait
  
  Antivirus - to do what? Your ignorance is astounding and you work in IT? Sigh...
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
6. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 04:30 · Score: 0
  
  I've been running on Windows for the past 20 years, and the amount of infections (despite regularly hitting up the warez sites) I can count on one hand.
  Also, last time I inserted any USB into my XP box, it popped up a dialog asking what I should do with it. So ya, fanboy will be fanboy.
7. Re:Not so Invulnerable now, huh...? by SJHillman · 2013-07-16 04:35 · Score: 2
  
  A proper anti-virus should work quietly behind the scenes. There's no such thing as a fool-proof AV any more than there's a 100% effective vaccine. For every infected machine we have, we have several dozen more that report blocking infections or at least crippling the malware.
8. Re:Not so Invulnerable now, huh...? by SJHillman · 2013-07-16 04:35 · Score: 2
  
  Are you saying you don't use an AV on any of your machines?
9. Re:Not so Invulnerable now, huh...? by desdinova+216 · 2013-07-16 04:36 · Score: 1
  
  obligitory http://xkcd.com/875/
10. Re:Not so Invulnerable now, huh...? by ClaraBow · 2013-07-16 04:36 · Score: 2
  
  But this is not Malware! Just a rouge website with some crafty Javascript! The Windows version actually locks the computer and you are forced to Re-install Windows! ! On the Mac version, all you have to do is reset safari from the menu-bar and all is well again! It is very annoying to the end user, but that's all!
11. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 04:43 · Score: 0
  
  Anti-virus is really at best 30% effective nowadays anyways..
12. Re:Not so Invulnerable now, huh...? by 93+Escort+Wagon · 2013-07-16 04:47 · Score: 4, Funny
  
  Just a rouge website with some crafty Javascript!
  What does the color of the web page have to do with anything?
  
  --
  #DeleteChrome
13. Re:Not so Invulnerable now, huh...? by AmiMoJo · 2013-07-16 04:47 · Score: 2
  
  So the GP's point still stands then, any platform with a web browser isn't immune to malware or malware-like scams.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
14. Re:Not so Invulnerable now, huh...? by hjf · 2013-07-16 04:52 · Score: 1
  
  Is it? A malware program like this has been attacking windows computer lately. It scans IPs for port 3389 (remote desktop) and then tries to brute force into the system. Once it's inside, it runs a script that RARs all your files with a huge random password. Then they demand a $2000 ransom to recover it.
  It happened to a customer of mine who "refused to run a VPN because it slowed things down" and had port 3389 open to the public. There are also scans on port 5900 (VNC server).
  To be fair: neither an antivirus, nor Mac "invulnerability" would protect you from a brute force attack on remote access ports and using your user account to encrypt data. This particular virus doesn't even need administrative privileges to work.
15. Re:Not so Invulnerable now, huh...? by ClaraBow · 2013-07-16 04:54 · Score: 1
  
  Oops! Should have read: rogue! Oh, but rouge rogue does have a nice ring to it!
16. Re:Not so Invulnerable now, huh...? by hjf · 2013-07-16 04:56 · Score: 1
  
  Different viruses. The one for windows attacks through RDP port. I've seen scans on port 5900 too. Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.
  The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.
17. Re:Not so Invulnerable now, huh...? by Em+Adespoton · 2013-07-16 04:57 · Score: 1
  
  Just a rouge website with some crafty Javascript!
  What does the color of the web page have to do with anything?
  It's from the red light district....
18. Re:Not so Invulnerable now, huh...? by 93+Escort+Wagon · 2013-07-16 05:00 · Score: 1
  
  "The Rouge Rogue" sounds like a supervillian from the 1950s!
  
  --
  #DeleteChrome
19. Re:Not so Invulnerable now, huh...? by Vidar+Leathershod · 2013-07-16 05:01 · Score: 2, Informative
  
  Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.
  Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.
  The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installed MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.
  
  --
  The brains of a chicken, coupled with the claws of two eagles, may well hatch the eggs of our destruction.
20. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 05:07 · Score: 0
  
  It does fit the broad definition of "malware".
  It is not however that big a deal because it's basically the same level of threat as phishing emails. All you need to defeat it is a modicum of common sense. Really it's probably most effective against teenagers, and the terminally stupid both of which could use the lesson.
21. Re:Not so Invulnerable now, huh...? by zieroh · 2013-07-16 05:18 · Score: 1
  
  This isn't that malware. This is just an annoying bit of javascript.
  
  --
  People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
22. Re:Not so Invulnerable now, huh...? by cusco · 2013-07-16 05:33 · Score: 0
  
  My wife's nieces and nephews hang out in Internet cafes in Peru, which are virus breeding grounds. We frequently get sent crap through their accounts, and so far Windows Defender and MS Internet Essentials have blocked everything. If you think that antivirus software doesn't do anything than you're living in a fantasy world.
  
  --
  "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
23. Re:Not so Invulnerable now, huh...? by Rosyna · 2013-07-16 05:35 · Score: 1
  
  Perhaps you should become aware of XProtect.
24. Re:Not so Invulnerable now, huh...? by jimicus · 2013-07-16 05:36 · Score: 1
  
  The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.
  Almost certainly would be a trojan rather than a virus in that case.
  Mind you, it's a bit rich to equate "Macs don't get viruses" (true) with "Macs are immune to all forms of malware" (patently false).
25. Re:Not so Invulnerable now, huh...? by MachineShedFred · 2013-07-16 05:42 · Score: 2
  
  Our corporate Macs which I maintain have an antivirus installed due to policy, but the only thing it ever finds is Windows viruses that arrive via email attachments that manage to get through the email gateway scanner.
  The #1 thing that protects our Macs: The user does not have administrative credentials.
  The #2 thing that protects our Macs: Applications are all deployed via a centrally managed repository, which allows for #1.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
26. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 05:42 · Score: 0
  
  No i don't. I use Linux.
  Someone had to say it! :)
27. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 05:53 · Score: 0
  
  It's my experience that trend micro stops some malware, I use windows defender and it's ok. But yes user habits seem to be the strongest indicator of who is gonna get a virus.
28. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 06:45 · Score: 0
  
  I'm not saying Mac OS X has more viruses than Windows, but almost every Mac user I know has this pretentious attitude that they're invulnerable just by virtue of running Mac OS X. Maybe this will help pound some sense into them.
  No, they'll just try changing the definition of "malware" again, apply the new definition to Apple systems, and continue using the old definition for Windows.
  They don't want truth, this isn't about security, it's about waving around an E-Peen and chest-thumping about who has the better OS.
29. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 06:57 · Score: 0
  
  Mind you, it's a bit rich to equate "Macs don't get viruses" (true) with "Macs are immune to all forms of malware" (patently false).
  Yes, that's the problem Most people equate "virus" to "malware", Apple knows this which is why they are careful to only say "virus"- it gives them a legal escape route.
  Thing is, you don't see viruses on Windows boxes any more, either. Most malware operates by script-based drive-by's on websites, or through trojan installers. And there are more and more of those showing up which affect Mac, something that makes the fanboys weep into their pillows at night.
  As for the example in the article, in the old days we called this sort of thing a "pop-up exploit". There used to be ways to get some browsers (regardless of OS) to pop two or more windows any time you closed one, so the more you closed the more appeared, requiring you to force-kill the app or restart the system. We called those "malware" when they hit Windows platforms, I don't see why we're going to act like they aren't a problem now that we see them on Mac systems. Oh, ya, that's right, it makes the fanboys cry.
  Disclaimer- I use Mac, Windows, and Linux boxes.
30. Re:Not so Invulnerable now, huh...? by LDAPMAN · 2013-07-16 06:57 · Score: 2
  
  If "any old one would do" then you should realize that unless they are running ancient version of OS X that all macs have antivirus built in. Apple added it several years ago and updates it regularly.
31. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 07:09 · Score: 0
  
  MSE has the lowest detection out of any AV currently.
  I would be highly suspect of what it DIDN'T detect, as that is extremely likely.
32. Re:Not so Invulnerable now, huh...? by jedidiah · 2013-07-16 07:23 · Score: 1
  
  > Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.
  It's funny you should mention that because I run a daemon that checks /var/log for suspicious activity. When it finds something that looks like a brute force attack, it blocks the attacker with a firewall rule.
  Now this thing is a nice ready made app available through my distro's standard repos. But in the old days, I cobbled the same thing together with a bash script.
  If you aren't operating under the assumption that you are helpless and the situation itself is helpless, there's actually a lot of stuff that you can do do slow attackers down.
  The idea that "it's all about popularity" is one of the most dangerous bits of self-delusion that the Lemming crowd perpetuate. They make it sound like there's no defense when there are a lot of clear an obvious defenses.
  The first one is to not be a total idiot and/or tolerate a crap product.
  You simply don't have to be trapped into using crapulence you will later feel the need to make excuses for.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
33. Re:Not so Invulnerable now, huh...? by SJHillman · 2013-07-16 07:25 · Score: 1
  
  It's more of a liability issue, that's why we're not too concerned with which AV they use. They sign off on their computer being protected, and if it gets infected, it's on them. Most people bitch about having to sign off on having some form of malware protection because "it's a Mac"
34. Re:Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-16 08:09 · Score: 0
  
  I'm not saying Mac OS X has more viruses than Windows
  Nor am I, because it factually has fewer, far fewer in fact.
  
  but almost every Mac user I know has this pretentious attitude that they're invulnerable just by virtue of running Mac OS X.
  I'm intrigued to know where all these people come from. I know many mac users, and am yet to meet one with this delusion. My hypothesis is that in fact the people repeatedly spouting this instead simply assume that all Mac users think this without ever actually asking.
  
  Maybe this will help pound some sense into them.
  What, a web site with some javascript that will run on any web browser will somehow make idiots think that their system is vulnerable to the odd threat? I mean, seriously, this is even lamer than most of the trojans that require you to enter an admin password to do something malicious... It's a fucking web page!
35. Re:Not so Invulnerable now, huh...? by beelsebob · 2013-07-16 08:11 · Score: 1
  
  Right, that's not because these users are not aware that there's a threat of getting some kind of malware on their machine. This is because the problems caused by the antivirus software are as bad as the problems caused by a virus, so basically, you're asking them to guarantee that they have something malicious on their system, rather than simply having a 1 in a million chance that they do.
36. Re:Not so Invulnerable now, huh...? by thoromyr · 2013-07-16 08:18 · Score: 1
  
  There is no meaningful distinction between a "trojan" and a "virus". The old, simplistic application of the terms "trojan", "virus" and "worm" never really made that much sense, but it is pretty meaningless now. Each of those designations simply refers to a method of infection and nothing prevents multiple vectors from being employed. And plenty of malware does that. In fact, the majority I run across do none of those things.
  The predominate vector in use today is malvertising. It generally exploits a vulnerability to side step needing user interaction (what trojans use). They are self contained (in general do not rely on injecting into an executable for the purpose of propagation the way a "virus" does). They also generally do not scan and attack (what worms do -- it is noisy making it easy to detect and identify the infected system).
  Not to say that the trojan technique of fooling users into running the malware is gone (one of the first big OS X targeted campaigns was for a "cracked office suite" -- oldie but goodie.
  Or that file (and process) injection is not used, but it is generally to hide or perform operational function, not to propagate.
  Or that the network is not used -- but despite some lingering scanning the much more common use of the network is for command and control with steganography (use of forums), p2p protocols, custom protocols or even good old fashioned IRC. Increasingly, encryption is used. Bogus traffic may be generated to try and hide the C&C in a haystack.
  By the old and simplistic definitions this modern, modular malware is not virus, trojan or worm. Malware is a reasonable enough umbrella term to describe it.
37. Re:Not so Invulnerable now, huh...? by JazzLad · 2013-07-16 08:20 · Score: 1
  
  When convenient, simple IEDs get declared WMD, ironically by the same people that say (rightfully) that GWB lied about Iraq having WMDs.
  
  It is convenient for some to call this OSX malware, it's called hyperbole and it's disgusting whoever uses it to fearmonger.
  
  Now that I've insulted everyone but Mac users, hopefully they'll keep me from being modded into oblivion ...
  
  --
  "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
38. Re:Not so Invulnerable now, huh...? by jimicus · 2013-07-16 08:23 · Score: 1
  
  That's pretty much my point - Macs may not get viruses in the traditional sense of the word, but the computer virus in its traditional sense is more-or-less extinct. They're sure as hell vulnerable to malware, which is a far better term for modern use.
39. Re:Not so Invulnerable now, huh...? by hjf · 2013-07-16 08:36 · Score: 1
  
  Good for you. I use port knocking.
  But for the non-tech folk out there who just thought it was going to be cool to be able to check his home computer from work, you can't blame him for trying. Maybe he thought clicking "enable remote access" didn't have such heavy security implications.
  We learn from our own mistakes. Given your 4 digit UID, I seriously doubt your record is spotless. I'm sure you had a system or two compromised until you learned to become almost paranoid about security.
40. Re:Not so Invulnerable now, huh...? by acariquara · 2013-07-16 09:04 · Score: 1
  
  >Also, last time I inserted any USB into my XP box, it popped up a dialog asking what I should do with it.
  Then I have two bad news for you: one, you're not up to date on your security patches, namely disabling autorun from removable drives, and two, you are one social engineering step away from being infected. That's how it starts, you click on an icon that looks like a folder but you're actually running malware.
  
  --
  Dear aunt, let's set so double the killer delete select all
41. Re:Not so Invulnerable now, huh...? by acariquara · 2013-07-16 09:11 · Score: 1
  
  Absolutely no contest there, man, although that doesn't mean it does not happen.
  Our hospital network just changed from a major XP install to a Seven one, and most clients are running WITH admin priviledges. Hey, that's not a bad thing on my side: I'm just a practicing MD, but I bet my workstation is far safer than everyone else's because I can fix the dumb stuff they did via GPOs.
  
  --
  Dear aunt, let's set so double the killer delete select all
42. Re:Not so Invulnerable now, huh...? by LordLimecat · 2013-07-16 09:33 · Score: 1
  
  A pre-installed antivirus is worse than useless.
  Note, for example, that MSSE was a perfectly good antivirus until Microsoft baked it into Windows 8. Then, surprise surprise, it started failing every AV comparatives, because a every virus was compiled specifically to evade detection.
  Lets put it another way. If every OSX box has the same anti-virus updated on the same schedule, why would anyone release a virus for OSX that didnt 1) evade current detections and 2) break the updating mechanism so that it cant be removed in the future?
43. Re:Not so Invulnerable now, huh...? by LordLimecat · 2013-07-16 09:35 · Score: 1
  
  XP is more than a decade old. Lets compare XP to a similar vintage of OSX-- what would that be, 10.3? 10.2?
44. Re:Not so Invulnerable now, huh...? by LordLimecat · 2013-07-16 09:36 · Score: 1
  
  The user does not have administrative credentials.
  Ditto on all versions of windows released in the last 7 years.
45. Re:Not so Invulnerable now, huh...? by war4peace · 2013-07-16 09:40 · Score: 1
  
  Oh it happens, of course. Did happen in the company I work for. However, only the workstations themselves got infected, nothing did spread over the network
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
46. Re:Not so Invulnerable now, huh...? by jbolden · 2013-07-16 10:10 · Score: 1
  
  Has it occurred to you that PC users get nailed all the time while Mac users mostly don't. They are pretentious because it is justified by experience.
  And no a misbehaving website is not going to "pound sense into them" because they are being quite sensible.
47. Re:Not so Invulnerable now, huh...? by jbolden · 2013-07-16 10:12 · Score: 1
  
  I've been running OSX since 10.1 no anti-virus no problems. And since then: wife, daughter, parents, inlaws, friends.
  OSX people mostly don't get virus. They aren't immune but they are rare and Apple often handles them on their end.
48. Re:Not so Invulnerable now, huh...? by jbolden · 2013-07-16 10:14 · Score: 1
  
  You can't break the updating mechanism. That runs in a protected mode applications don't have access to it. That's one of the differences between capabilities and permissions, which NT supports too but Microsoft can't use as aggressively because of worries about backwards compatibility.
49. Re:Not so Invulnerable now, huh...? by jbolden · 2013-07-16 10:15 · Score: 1
  
  XP is still on about 40% of Windows machines. The Windows user culture is a big part of why they have a much worse malware problem.
50. Re:Not so Invulnerable now, huh...? by uglyduckling · 2013-07-16 10:40 · Score: 1
  
  So, essentially, you're tickboxing the installation of antivirus software. I'd install ClamXav and tick that box, if it was me. Macs aren't necessarily totally invulnerable, but I've never had active antivirus on my Mac, and I've taken it all over the world and used all sorts of dodgy free WiFi, and never had an issue. The only thing I do is a scan of removable media using Clam if I think it's come from someone who's unlikely to have protection on their Windows box. I put my 3G dongle on my parents' XP laptop (never previously connected to the Internet) and it was infected before I'd had time to download a free antivirus (I forgot that there's a huge difference between being behind a NAT router and plugging in a broadband dongle). Admittedly that was XP, Windows 7 is a lot better, but it is orders of magnitude more likely for unprotected Windows boxes to get infected compared to OSX - and far more likely for infections to spread across corporate networks from Windows boxes.
51. Re:Not so Invulnerable now, huh...? by uglyduckling · 2013-07-16 10:49 · Score: 1
  
  I've been using computers of various kinds since the mid-80s, including Windows from 2.0 up to 8, Atari, Amiga, various Linux distros and most recently Mac OSX. I wouldn't dream of putting a Windows box into production without antivirus software. I've seen serious virus outbreaks on all of the platforms I've used, apart from Linux and OSX. I've never had active (continuous scanning / file protection) antivirus on Linux or OSX and I've never seen a virus infection. In all my years of supporting friends and family and various corporate systems, I've never had to clean off an infected OSX or Linux box. It's just never happened. So maybe I'm deluded or pretentious, but I'll install active antivirus on my Mac once I've seen a single example of a serious infection in the wild. Until then, I'll keep Clam on standby.
52. Re:Not so Invulnerable now, huh...? by LordLimecat · 2013-07-16 12:47 · Score: 1
  
  You can't break the updating mechanism.
  Hosts file / DNS tampering. Oh look, it cant find the update server any more.
  Once a virus gets root access, it can do pretty much what it wants unless the entire OS is a walled garden, which OSX isnt (quite yet).
53. Re:Not so Invulnerable now, huh...? by jbolden · 2013-07-16 13:31 · Score: 1
  
  First off you should look at capabilities, it isn't just root for a userspace application. There was a virus in February that did something similar it pushed the DNS to a Russian server. But it couldn't get to the user access parts. The Apple community responded by putting the fix all over the internet. The people who had it got notified and got the fix. The Russian hackers couldn't stop thousands of sites.
54. Re: Not so Invulnerable now, huh...? by Anonymous Coward · 2013-07-17 00:21 · Score: 0
  
  Nope - I still won't be running AV on my Mac, mainly because 1) the security construct is good enough and 2) I'm not stupid
55. Re:Not so Invulnerable now, huh...? by danomac · 2013-07-17 06:45 · Score: 1
  
  I'd extend that to say that home users are a click away from installing something stupid using UAC. Corporate PCs/Macs are generally more locked down.
Well I will just tell my wife... by Anonymous Coward · 2013-07-16 04:18 · Score: 0

Well I will just tell my wife that i don't use Safari to surf for porn. Crisis averted.
(I use Firefox Private browsing for that.)
Hmmm...We are good unless she uses Safari for that!!???
Malware by AlreadyStarted · 2013-07-16 04:18 · Score: 5, Informative

Is this really malware? It's just a webpage with annoying javascript...
1. Re:Malware by sjames · 2013-07-16 04:21 · Score: 1
  
  In a minor sense, since the javascript is software.
  really there should be a good way to kill the page without resetting everything in the browser.
2. Re:Malware by acariquara · 2013-07-16 04:24 · Score: 1
  
  But MACS!!! ARE!!! NOT!!! IMMUNE!!! TO!!! BAD!!! THINGS!!! is way catchier.
  Filter: I know it's yelling, I am trying to make a point here.
  
  --
  Dear aunt, let's set so double the killer delete select all
3. Re:Malware by AlreadyStarted · 2013-07-16 04:24 · Score: 2
  
  Looks like holding shift while starting safari solves the problem. No browser reset required. Holding shift tells safari not to open previously open tabs/windows.
4. Re:Malware by SJHillman · 2013-07-16 04:25 · Score: 1
  
  The definition in the article is "ransomware is malware which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated"
  I'd say it qualifies. It restricts access to the computer. Malware usually follows the KISS principle better than most other software, which is one of the reasons why it can become so widespread even though a commercial software package can be a pain in the ass to get it to work. If your software absolutely, positively has to run on every possible computer, talk to a malware author.
5. Re:Malware by FellowConspirator · 2013-07-16 04:27 · Score: 1
  
  You could enable the the "Develop" menu in preferences and then select "Disable JavaScript" on the problematic page without having to reset anything (you could also open the JavaScript console and stop it). This really has nothing to do with OS X and isn't even browser-specific. There's, of course, a browser-specific answer to it (it only takes a few minutes to create a Safari plug-in to block it).
6. Re:Malware by Anonymous Coward · 2013-07-16 04:33 · Score: 0
  
  really there should be a good way to kill the page without resetting everything in the browser.
  There is:
  - open the JavaScript console
  - type (or paste) "function areYouSure() { return false ; } " (without the quotes) at the prompt
  - next time the function is called it won't prompt
  I guess you could also just set i = 150 and stop the iframe madness.
Safari related bug by sosume · 2013-07-16 04:19 · Score: 1

Clever use of a bug in Safari, who would have thought of that.. I'd say the US should be able to knock out this site in a few minutes, by using the provisions in the SOPA act. Right?
I call B.S. by sammy_cda · 2013-07-16 04:20 · Score: 0

Everyone knows Macs don't get virus right? ;-)
1. Re:I call B.S. by Anonymous Coward · 2013-07-16 04:34 · Score: 0
  
  Everyone knows Macs don't get virus right? ;-)
  This is due to the raw organic diet apples products are raised on. It also means they don't need polio vaccines because their immune systems are so strong they'd never get polio anyway. The problem though is that some people aren't keeping the raw organic diet intended for apple products which is comprising their immune systems along with leading to overall poor health and sluggishness. Also, your Apple product needs at least 3 hours of mediation a day to keep it's chakras online. The good news is if you return your product to a raw organic diet and make sure it gets it's mediation, the immune system of your apple product will return to full strength and kill the virus.
2. Re:I call B.S. by Anonymous Coward · 2013-07-16 04:57 · Score: 0
  
  Of course they do but this isn't a virus, trojan or even malware.
  It's just an annoying web page that doesn't let you close it. No different than a page that opens tabs of goatse or plays "MY BOSS IS A CUNT" really loud.
  Annoying but not dangerous (unless you fall for it).
  Now unless you think Apple shouldn't allow web browsing on Macs then this is a non event.
The CIA is not law enforcement by intermodal · 2013-07-16 04:21 · Score: 1

The CIA is and always has been an intelligence/espionage agency. Blurb is incorrect to call them law enforcement

--
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
1. Re:The CIA is not law enforcement by FellowConspirator · 2013-07-16 04:28 · Score: 1
  
  ... and copyright infringement is a tort, not a crime.
2. Re:The CIA is not law enforcement by Spy+Handler · 2013-07-16 04:58 · Score: 1
  
  I find a surprising number of people who don't know the difference, not just dumb people but even those with normal intelligence who are competent in their fields.
  Perhaps we can illustrate with movie examples. CIA = Jason Bourne, assassin we send abroad to kill foreign nationals who create trouble for the U.S. gov't. They only operate outside the USA, as they are forbidden by law to spy on or kill anyone inside the USA.
  FBI = Jodi Foster in Silence of the Lambs, police who catch criminals inside the USA. They have no jurisdiction or power outside the USA.
3. Re:The CIA is not law enforcement by intermodal · 2013-07-16 06:36 · Score: 1
  
  You might think so, but the FBI warning at the beginning of old VHS tapes disagrees. I'm willing to be the laws referenced therein are not repealed as of yet.
  
  --
  In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
4. Re:The CIA is not law enforcement by JazzLad · 2013-07-16 09:37 · Score: 1
  
  It was a tort when the wealthy did it, it's a crime now that the common man can do it.
  
  --
  "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
pay back, Steve Jobs by tloh · 2013-07-16 04:22 · Score: 0

You think this and that guy Chris Sevier is divine retribution for Jobs taking a swipe at Android?

--
Stay sentient. Don't drink bad milk.
1. Re:pay back, Steve Jobs by tloh · 2013-07-16 14:04 · Score: 1
  
  Troll? Seriously? I don't know if it is more ironic that a) I'm using my iPad in responding to an Apple fanboy's overreaction or b) the next comment jokes about essentially the same thing and got up-moded.
  
  --
  Stay sentient. Don't drink bad milk.
Sounds like... by kylus · 2013-07-16 04:22 · Score: 2

...a good security measure for the guy suing Apple for not filtering the porn he was addicted to.

--
--Kylus
Idiot-proof something, and Life will build a better Idiot.
Been on Windows for awhile.. by hairyfeet · 2013-07-16 04:23 · Score: 2, Insightful

I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public its bullshit, you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.
Now I don't know how it is on OSX but on Windows these kinds of bugs aren't that hard to kill a good tool for the job I've been trying out in the shop is the Emisoft Emergency Kit which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick and so far it seems to be pretty damned good at detecting all kinds of bugs and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.

--
ACs don't waste your time replying, your posts are never seen by me.
1. Re:Been on Windows for awhile.. by Anonymous Coward · 2013-07-16 04:41 · Score: 0
  
  That's just it. This doesn't require a "tool" to remove it. It should affect Windows and linux users just as well. The only difference is that Safari actually reloads the previous pages that were open when you start it back up. So, as a result, this annoying website comes back up. Chrome has the same feature built into it, but it might not be turned on by default.
  Unlike the windows version for this that have been showing up for quite some time now, this doesn't install anything. It just gets started and uses normal javascript functionality to prevent you from easily getting rid of it. That same javascript should work the same on most browsers regardless of the OS.
  So, no need for special tools for this one. Just learning how to use your computer should be sufficient.
2. Re:Been on Windows for awhile.. by fermion · 2013-07-16 05:10 · Score: 1
  
  Not really a bug, but rather an implementation. Unfortunately Safari, like IE, allows websites to change the display of a browser window(for instance, no longer display the URL) and to display modal windows that effectively hijack the browser. While there are a few legitimate reasons to allow this, for the most part they are used to keep people on a page against their will.
  A lot of this comes from the effort of MS to turn the web browser into an application front end, and many of the legitimate uses are related to using the browser as a dumb terminal. But the risk is significant. On Windows i have IE, only used for sites I know I have to. I try not to go anywhere questionable on a PC. I have had to reformat my computers twice because of problems. On the Mac I have Safari and Firefox. I also have Chrome but it can't be as locked as much so I only use for Google Drive.
  It is too bad that we need multiple browsers, but that is life. I really did not realize how hard it was to get a safe browser until Camino was EOL and I had to switch to, and secure, Firefox.
  
  --
  "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
$300 fine by Anonymous Coward · 2013-07-16 04:24 · Score: 0

$300 fine? For each file? I'm bankrupt!!!!!!
Year of the Macintosh desktop. by Anonymous Coward · 2013-07-16 04:24 · Score: 0

Some finally got around to porting windows viruses to macintosh. I think it's time to declare 2013 year of the Macintosh desktop. Sorry linux.
No, still pretty invulnerable... by SuperKendall · 2013-07-16 04:26 · Score: 4, Informative

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.
That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:No, still pretty invulnerable... by dragon-file · 2013-07-16 06:32 · Score: 1
  
  No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.
  A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7 and XP at a combined total of 81%.
  If I were to write malicious code with the intent to prey on the gullible and make quick money which OS would I target?
  
  --
  Whenever a player quits EVE to go play WoW, the Average IQ of both games increase.
2. Re:No, still pretty invulnerable... by SuperKendall · 2013-07-16 06:56 · Score: 2, Insightful
  
  A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7 and XP at a combined total of 81%.
  Who cares why it is true when it *is* true?
  It's still the case that by far a non-technical user is vastly safer running a Mac.
  If I were to write malicious code with the intent to prey on the gullible and make quick money which OS would I target?
  Obviously people too stupid to choose the safer, instead of the more popular, choice.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
3. Re:No, still pretty invulnerable... by jedidiah · 2013-07-16 07:17 · Score: 2
  
  > A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7
  That's just the deluded nonsense of a Lemming.
  There have been virus ridden minority platforms before. This was quite common back when there were actually other platforms to choose from. Operating systems in those days were much less robust. Viruses were common because those platforms suffered from similar nonsense that Windows does now.
  Windows is crap. It gets viruses because it is crap. Being "popular" has nothing to do with it.
  The current version of MacOS has fewer viruses because it is built on a solid foundation that isn't undermined by really stupid ideas about usability.
  Lemmings just want to pretend that Windows isn't crap and always has been. It's not something that people like. It's something that people TOLERATE because a perception that they are trapped by it being the only well supported platform.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
4. Re:No, still pretty invulnerable... by Anonymous Coward · 2013-07-16 07:41 · Score: 1
  
  No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.
  A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7 and XP at a combined total of 81%.
  Which is why 7.18% of virus infections are on OSX. Oh wait, they aren't? Perhaps more secure designs actually help.
5. Re:No, still pretty invulnerable... by thoromyr · 2013-07-16 08:05 · Score: 1
  
  Whatever it takes to make you sleep better. But the illogic of that has long been shown (e.g., compromised web servers used to be nearly all IIS despite it having a minority share -- yeah, times have changed, but that just further illustrates that "market share" is not a controlling factor). Your overly facile argument reveals how little you know of the business.
  In reality malware was originally written by people trying to show off their "super skills" or who had a grudge of some sort. By and large they were written for the platform the writer used. Nowadays malware is a business with service contracts and the users of it expect a revenue stream. And business expects an ROI, not a juvenile rationale. As Windows has gradually improved security the ROI for targeting it has leveled off a bit compared to other platforms. On paper, Windows 7 is at least as secure as OS X 10.7, if not more so. This is a more significant reasion why there is more targeting of OS X users now than there used to be.
  The reality is that there is a lot of knowledge in the malware industry for exploiting the Windows platform and only a growing knowledge for OS X and Linux. Making up for this deficit is a cost that goes into calculating ROI. The only marketshare part of this is that malware authors most likely cut their programming teeth hacking at Windows because it was what they had. Not because so many other people run Windows, but because it was what *they* (mostly) had.
  To re-answer your "question", I would target the platform with the highest ROI. If Windows users weren't so gullible and well monied they wouldn't be targeted so much. But, despite sour grapes from some quarters, plenty of Windows users have more money than sense. And with the relatively low upfront investment they continue to be the most targeted.
6. Re:No, still pretty invulnerable... by Bobfrankly1 · 2013-07-16 09:32 · Score: 0
  
  The current version of MacOS has fewer viruses because it is built on a solid foundation that isn't undermined by really stupid ideas about usability.
  Which would explain why people use a PC to get actual work done.
7. Re:No, still pretty invulnerable... by jbolden · 2013-07-16 10:19 · Score: 1
  
  On paper Windows has always been more secure than Mac OS. It isn't the OS
  1) A user community that upgrades quickly
  2) A willingness to break backwards compatibility
  3) Apple's ability to get their community to fall in line if there is a crisis
  4) A community with a heavy percentage of computer enthusiasts.
  etc... means that Apple doesn't have the problems that Windows does.
8. Re:No, still pretty invulnerable... by uglyduckling · 2013-07-16 10:42 · Score: 1
  
  That's right, no-one uses a Mac to get actual work done. Well done.
9. Re:No, still pretty invulnerable... by Anonymous Coward · 2013-07-16 12:45 · Score: 0
  
  Windows is crap. It gets viruses because it is crap.
  But that's only because malware authors are targeting crap!
obviously fake by stenvar · 2013-07-16 04:27 · Score: 1

Law enforcement is never that straightforward and efficient.
1. Re:obviously fake by SJHillman · 2013-07-16 04:39 · Score: 1
  
  Or that cheap.
FTFY by SuperKendall · 2013-07-16 04:28 · Score: 3, Insightful

I thought we were past the "being surprised that websites get hacked" years ago.
This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:FTFY by Anonymous Coward · 2013-07-16 04:46 · Score: 0
  
  I thought the annoying thing about the infection was the ransom notice put up by the bad guys. This part is okay with you, just not news that it hit OSX?
2. Re:FTFY by meerling · 2013-07-16 05:08 · Score: 1
  
  It's software that is intended for a malicious purpose contrary the wants and needs of the user.
  It is malware, it's just not running from a platform usually used for such things.
  I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.
  (And yes, those ms word worms are viruses because they are infecting an executable code, even if it's something most people don't realize is executable code. And executable code does not mean .exe files, though those are one type of executable code.)
3. Re:FTFY by SuperKendall · 2013-07-16 05:16 · Score: 1
  
  I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.
  No, they are all location on your system. And they have wide access to your system.
  Javascript going a bit wild is not malware, any more than any advertisement or popup is. It's just a hacked site.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
4. Re:FTFY by recoiledsnake · 2013-07-16 05:31 · Score: 0, Troll
  
  The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...
  Are you implying that OSX isn't vulnerable to malware?
  
  --
  This space for rent.
5. Re:FTFY by jimicus · 2013-07-16 05:34 · Score: 3, Insightful
  
  It is malware, it's just not running from a platform usually used for such things.
  True, but the important point is the platform in question is not OS X and it is somewhat disingenuous to pretend it is. The platform is "any web browser that automatically reloads the last visited site if you force it to quit".
6. Re:FTFY by Anonymous Coward · 2013-07-16 07:44 · Score: 0
  
  Almost no-one will be hurt by this stupid website hack. Meanwhile your attempts at misleading people into thinking OSX is not more secure than other systems will cause far more damage to real people.
7. Re:FTFY by SuperKendall · 2013-07-16 07:51 · Score: 3, Interesting
  
  No, I am saying OS X is much LESS vulnerable to malware, and that some people are desperate to make it SEEM as though OS X gets malware to the same extent PC's do even when facts do not bear that out.
  So desperate in fact, that they jump the gun and claim a Javascript hack is the same as system level malware... all because they didn't simply try to look at the facts at what it was, just react to the presence of "OSX" in the headline.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
8. Re:FTFY by SuperKendall · 2013-07-16 07:55 · Score: 1
  
  I thought the annoying thing about the infection was the ransom notice put up by the bad guys.
  Apparently not since the headline was about OS X even though the "malware" is cross-platform thanks to it being only in a web browser.
  Don't look at me, chide the person who wrote the article and summary.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
9. Re:FTFY by Anonymous Coward · 2013-07-16 08:49 · Score: 0
  
  Tiny market, tiny exposure, tiny news...nothing new here.
10. Re:FTFY by mjwx · 2013-07-16 14:28 · Score: 1
  
  I thought we were past the "being surprised that websites get hacked" years ago.
  This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...
  Erm, no.
  
  This is still malware as it is code (software) deigned to perform a malicious action.
  
  To be more specific it's "ransomware" and for a long, long time ransomware has been considered malware. Really, this one can trace its roots back to hoax viruses
  
  What this means is that OSX users like yourself can no longer pretend your automagically protected. You're vulnerable to the same kinds of attacks as Windows.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
11. Re:FTFY by thegarbz · 2013-07-16 14:38 · Score: 1
  
  No, I am saying OS X is much LESS vulnerable to malware,
  False. The number 1 infection vector to any OS is the user and in that regard OSX is just as vulnerable to malware as any other system.
  The pervasiveness of malware has nothing to do with vulnerability.
12. Re:FTFY by Anonymous Coward · 2013-07-17 05:14 · Score: 0
  
  Sorry, can't hear you over the grinding sound your axe is making.
13. Re:FTFY by SuperKendall · 2013-07-17 08:45 · Score: 0
  
  False. The number 1 infection vector to any OS is the user and in that regard OSX is just as vulnerable to malware as any other system.
  That is false, in a few ways.
  1) The user is simply not able to infect the system as deeply because most Mac users do not run as Admin, unlike WIndows.
  2) Mac updates are easy and generally don't break things, which means people actually run them - thereby closing off vectors of attack.
  3) Because the Mac App Store is so popular, fewer people get applications from other sources now, thereby decreasing the risk of infection (which Windows 8 does also).
  The pervasiveness of malware has nothing to do with vulnerability.
  It is an indicator of how effectively vulnerable a system is - the easier it is to have malware work, the more you will find on a system. Conversely, if writing malware gives you little return because it doesn't get any traction, fewer people will write malware for that system See: Android/iOS.
  The simple truth remains that you can give an OSX system to someone and not require them to run a virus scanner with any regularity, while in traditional Windows systems that would be madness.
  
  --
  "There is more worth loving than we have strength to love." - Brian Jay Stanley
Not malware by Qzukk · 2013-07-16 04:28 · Score: 2, Informative

It's just a site that uses javascript to try and keep you from leaving, which is hard to get out of on safari because if you forcequit safari, safari "recovers" the page when you open it again.

--
If I have been able to see further than others, it is because I bought a pair of binoculars.
1. Re:Not malware by 93+Escort+Wagon · 2013-07-16 04:49 · Score: 4, Informative
  
  Hold down "Shift" when you re-launch Safari - that'll solve that problem.
  
  --
  #DeleteChrome
2. Re:Not malware by Anonymous Coward · 2013-07-16 10:13 · Score: 0
  
  That's so very intuitive! :)
3. Re:Not malware by Anonymous Coward · 2013-07-16 17:35 · Score: 0
  
  It works when it coincides with the moment that the user bangs their keys in frustration.
4. Re:Not malware by ax_42 · 2013-07-16 23:27 · Score: 1
  
  Not intuitive, but very useful. That shortcut actually works for a bunch of Mac applications ("clean start").
Old... by Anonymous Coward · 2013-07-16 04:30 · Score: 0

I saw that infect someones firefox / windows7 machine once. Was a bitch to remove.
It came from a yahoo site ad.
Welcome to popular mac junkies. You're a target now. But you don't have the tools, and skills to deal with these things.
Where windows users have what... 20+ years of dealin with this crap.
1. Re:Old... by nedlohs · 2013-07-16 04:40 · Score: 0
  
  Really, it was a bitch to remove? It's just a web page. If you can't work out how not to look at a web page in firefox in win7 then I'm not sure why you would be trying to fix anything in the first place...
makes sense by slashmydots · 2013-07-16 04:40 · Score: 0

It makes sense for them target Macs because of their users. If a person has no idea how to use a computer or the internet, they get a Mac. So yes, target the people stupid enough to fall for this.
1. Re:makes sense by 93+Escort+Wagon · 2013-07-16 04:51 · Score: 3, Insightful
  
  Still bitter about that Mac user stealing your girlfriend, I see...
  
  --
  #DeleteChrome
2. Re:makes sense by zieroh · 2013-07-16 05:31 · Score: 1
  
  Wow. 1999 called. They want their meme back.
  
  --
  People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
3. Re:makes sense by Anonymous Coward · 2013-07-16 05:34 · Score: 0
  
  Because the procedure for putting any other computer on the Internet is so different from a Mac?
  Mac: You plug in the cable, and double click a web browser.
  Windows: You plug in the cable, and double click a web browser.
  Linux: You plug in the cable, and double click a web browser.
  Is this where you tell us you are a director of IT and then go on to spew falsehoods about Mac OS X, like half your other posts?
4. Re:makes sense by betterprimate · 2013-07-16 09:04 · Score: 1
  
  echo 'Mac user here.'
  echo 'Hello!'
  sudo killall -u slashmydots
  
  echo 'Goodbye!'
5. Re:makes sense by Anonymous Coward · 2013-07-16 09:39 · Score: 0
  
  Did you warn them?!?
6. Re:makes sense by Anonymous Coward · 2013-07-16 14:33 · Score: 0
  
  sudo
  "Bad command or file name"
  slashmydots wins, flawless victory...babality.
7. Re:makes sense by Anonymous Coward · 2013-07-18 05:57 · Score: 0
  
  wah wah wah, angry apple fanboy lol.
That's right! by Anonymous Coward · 2013-07-16 04:42 · Score: 0

Apple products get worms.
Not a virus, how does your foot taste? by raymorris · 2013-07-16 04:44 · Score: 4, Insightful

How does that foot in your mouth taste? It's not a virus, and not OSX specific - it's just a web page with some annoying Javascript.
Art (or spam) imitates life? by xtal · 2013-07-16 04:49 · Score: 1

The cynic in me wonders how long before this stops being malware and starts being efficient delivery of government policy.

--
..don't panic
Does not appear to be Safari-specific by sootman · 2013-07-16 04:50 · Score: 3, Informative

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)
And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.
The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
1. Re:Does not appear to be Safari-specific by Em+Adespoton · 2013-07-16 05:24 · Score: 1
  
  It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)
  And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.
  The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.
  hold down shift when restarting after a force quit.
2. Re:Does not appear to be Safari-specific by Anonymous Coward · 2013-07-17 06:44 · Score: 0
  
  Or just not use Safari. Safari is treated with the same level of distain on OSX as IE is with Windows. Chrome works far better in practice. Lesson here? Use the OS installed browser to download something better, and don't look back.
Disable JavaScript by Dak+RIT · 2013-07-16 04:53 · Score: 1

Disable JavaScript[1], close page, there's no step 3.
[1] Preferences -> Security Tab -> uncheck 'Enable JavaScript'
1. Re:Disable JavaScript by zieroh · 2013-07-16 05:30 · Score: 1
  
  Or just select the Reset Safari menu option.
  See: http://blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/
  
  --
  People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
$300 FBI fine? by tech.kyle · 2013-07-16 04:57 · Score: 1

Where can I get a copy of this malware? Tell the FBI to just deposit the $300 in my savings account.

I'm slightly happy the news is making as much of a fuss over this as they are. As IT, I'm tired of people going "It can't be my problem, I have a Mac."

--
If we colonize Mars, it won't be the World Wide Web anymore. UWW?
Most misleading title of the day? by Anonymous Coward · 2013-07-16 05:06 · Score: 1

Since when does "fake FBI warning page with some javascript to prevent you from closing it" qualify as "malware"?
It's like the submitter didn't even RTFA...
So Safari is broken? by 140Mandak262Jamuna · 2013-07-16 05:13 · Score: 1

Even if the user knows it is a fake warning, and even if the user knows it is the site that has been hacked, if Safari will not let the user close the page and move on, it is broken. It should be fixed. Does Safari always restore the old sessions without allowing the user a chance to start fresh sessions? If not it is broken.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:So Safari is broken? by zieroh · 2013-07-16 05:29 · Score: 1
  
  There's a simple menu option to reset Safari, which completely eliminates the lingering web page. See: http://blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/
  
  --
  People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
2. Re:So Safari is broken? by MachineShedFred · 2013-07-16 05:36 · Score: 1
  
  You can turn off that behavior in the app Preferences, which is not locked out by this "malware." Also, hold shift while launching Safari after the force quit, and it won't re-open to last visited.
  
  --
  Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Desperate by zieroh · 2013-07-16 05:20 · Score: 1

Calling this malware is a pretty desperate stretch.

--
People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
We've had these for years by vikingpower · 2013-07-16 05:25 · Score: 1

Dudes, in Germany and Austria and Switzerland, these scams have been around for years. They usually tell you that your computer has been locked by the police, and that you need to pay a fine in order to get it unblocked. Nothing new here. News at eleven.

--
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
Irony by BStorm · 2013-07-16 05:34 · Score: 1

Yesterday there was a posting about Chris Sevier suing Apple for causing his porn addiction. Maybe Chris needs to be infected with this malware.

--
Research is what I doing when I don't know what I am doing - Werner von Braun
Windows version by phorm · 2013-07-16 06:06 · Score: 1

I've dealt with the windows version on a few client PC's. It can be a bit of a PITA, but in the cases I've dealt with still seemed to be locked to a given user account (and not the OS).
Doesn't make it any less of a PITA to remove from a user account, especially since it buggers permissions, but the easiest way is usually to create a new user, then boot from safe media, and copy/scan the user's old files to the new account.
Are you sure? by fuzznutz · 2013-07-16 06:34 · Score: 1

[...] and so far Windows Defender and MS Internet Essentials have blocked everything.

That you know about...
So... by Anonymous Coward · 2013-07-16 07:21 · Score: 0

if you pay the $300 do you get to view the porn?
Pretentious? Or maybe just realistic? by King_TJ · 2013-07-16 08:41 · Score: 2

I love how the Windows users get *so* irritated when Mac users point out to them how their machines generally "just work" without all the virus and malware hassles, need for (often costly) anti-virus software and subscriptions, etc.
The only people I see really trying to "pound some sense" into OS X users to use anti-virus software are the companies hawking the stuff.
I use both Windows machines and Macs practically every day. I work in a corporate environment where we're pretty much a 50/50 mix of both platforms, and provide I.T. support for both.
Everyone in our dept. will readily tell you that the Macs are FAR less of a support issue, overall, than the Windows PCs. Nothing in this world is absolute, and it's silly for anyone to make claims involving words like "never". So yes, clearly a handful of viruses HAVE been developed over the years just for Macs and running OS X doesn't make you immune to ever getting a piece of malware. But given a typical use-case of employees using their machines on our corporate network for 8 hours every weekday, doing lots of email, editing of documents, printing of documents, online purchasing, research, etc. etc. -- the Macs have so far NEVER been infected with a virus since we've owned them. The Windows machines have caused multiple serious virus outbreaks, requiring days of effort restoring files on the servers.
We actually bought eSET anti-virus for some of our Macs to try it out, but it just didn't make much financial sense in the end. (The OS X version of their product is far behind the Windows edition in ability to do central administration and updates, and it seemed to just be one more thing to use up system resources.)
Easy fix . . . by Kimomaru · 2013-07-16 11:20 · Score: 1

You know, true story - this problem can totally be avoided by using a shell account and text-based browser. Doing it right now. Bam. No malware. No GRAPHICS, but no malware. Thank you, goodnight. Glad to be of help.
Very Interesting by Anonymous Coward · 2013-07-16 11:51 · Score: 0

Is this really malware? It's just a webpage with annoying javascript...
It's very interesting and rather bizarre how many posts to this article use the rather unusual turn of phrase; "annoying javascript". It's like a massive astroturf campaign.
The real story by Anonymous Coward · 2013-07-16 12:37 · Score: 0

The names and locations of the crooks behind these scams are well known, but nothing is ever done to punish them or the nations from which they operate (or the companies that provide them with web services in the first place). They are criminals well connected to Israel and certain East European nations, and are effectively above the Law. If the heat does get too high (an incredibly rare event) they simply hop over to Israel where they are protected against extradition regardless of the crime.
It gets worse. Just as Google is happy to make advertising money from any company currently one step ahead of the law, major websites of repute happily use ad-servers that frequently push these trojan schemes at their readers. Microsoft and Apple co-operate in ensuring their operating systems have fundamental vulnerabilities to these types of attacks- their excuse being that they leave holes for Israeli operations like Stuxnet, but the people who code Stuxnet, and those that code ransomware are blood-brothers.
Big scams are never punished. Big scams are run by people with political clout. In the UK, for instance, for a period of many years door-to-door cold callers would attempt to persuade people to change their energy suppliers. Even if a resident was NOT interested, these callers would claim to need a signature so they could prove they had visited, and get paid. Of course, the signature was used to authorise a change of supplier. EVERY major energy company in the UK used this scam, inconveniencing millions of Britons. Not one company was punished. Their criminal fraud was literally above the law.
Crimes originating or with strong links to Israel always go unpunished. Worse, the lack of punishment encourages such criminal enterprises to grow without limit. Attempts to clamp down on Israeli crimes (Israel is also at the heart of Human trafficking, the supply of many illegal drugs, and the illegal trade in organs taken from living victims) always has friends of Israel within the UK, USA, France and Germany screaming "anti-semitic, anti-semitic". You Mac owners are just going to have to get used to these kinds of cons, just as PC owners have.
The energy supplier thing is happening in US, too. by Ungrounded+Lightning · 2013-07-16 16:47 · Score: 1

In the UK, for instance, for a period of many years door-to-door cold callers would attempt to persuade people to change their energy suppliers. Even if a resident was NOT interested, these callers would claim to need a signature so they could prove they had visited, and get paid.
Just had one of those here in the San Francisco Bay Area, like within the last couple weeks. Claimed to be "checking" that we were "getting the government required 20% discount". Tried to get us to sign a form that would switch our gas supplier from PG&E to some pseudo-ecological-responsibility gas supplier (using the common gas distribution system).

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Would it have got past NoScript? by Anonymous Coward · 2013-07-16 18:21 · Score: 0

Just asking...

( gotta post anon as I have moderated in this forum )
if this is malware .... by Anonymous Coward · 2013-07-17 02:39 · Score: 0

then a bottle rocket is a ICBM