Slashdot Mirror


OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

10 of 173 comments

  1. Malware by AlreadyStarted · · Score: 5, Informative

    Is this really malware? It's just a webpage with annoying JavaScript...

  2. Re:Ok? by SSpade · · Score: 5, Informative

    It's not malware. It's just a webpage.

    Gullibility isn't OS-specific.

  3. No, still pretty invulnerable... by SuperKendall · · Score: 4, Informative

    No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

    That said - this is not an example of the OS being vulnerable; the whole "malware" is JavaScript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Not malware by Qzukk · · Score: 2, Informative

    It's just a site that uses JavaScript to try and keep you from leaving, which is hard to get out of on Safari because if you force-quit Safari, Safari "recovers" the page when you open it again.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Not malware by 93+Escort+Wagon · · Score: 4, Informative

      Hold down "Shift" when you re-launch Safari - that'll solve that problem.

      --
      #DeleteChrome
  5. Does not appear to be Safari-specific by sootman · · Score: 3, Informative

    It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

    And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

    The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  6. Re:Not so Invulnerable now, huh...? by Vidar+Leathershod · · Score: 2, Informative

    Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.

    Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.

    The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installing MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.

    --
    The brains of a chicken, coupled with the claws of two eagles, may well hatch the eggs of our destruction.
  7. Re:Ok? by Rosyna · · Score: 5, Informative

    There's no payload and no exploit involved. It's just a webpage that opens another webpage when you try to close it.

  8. Re:Ok? by tlhIngan · · Score: 2, Informative

    Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.

    It was demonstrated on Safari, but apparently it works on Chrome as well. And I'd say it'll probably work on Firefox too.

    It's especially annoying since the browser helpfully restores your last session when they crash, so this site and its 150 popups make it persistent indeed.

  9. Re:Ok? by Gr8Apes · · Score: 4, Informative

    and easy enough to kill by disabling JS

    --
    The cesspool just got a check and balance.