OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."
I thought we were past the "being surprised that Apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?
Is this really malware? It's just a webpage with annoying javascript...
...a good security measure for the guy suing Apple for not filtering the porn he was addicted to.
--Kylus
Idiot-proof something, and Life will build a better Idiot.
2003 called, they wanted their scaremongering back.
If you use OSX and practice safe computing (that means NO JAVA FOR YOU), then yea, you're tough as nails to crack. No OS is idiot-proof, though.
The same can't be said for many variants of Windows, especially those still using XP where inserting an infected thumb drive will wreak havoc on your system, hell no, on your entire enterprise network.
Dear aunt, let's set so double the killer delete select all
I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public it's bullshit; you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority, and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.
Now I don't know how it is on OSX, but on Windows these kinds of bugs aren't that hard to kill. A good tool for the job I've been trying out in the shop is the Emsisoft Emergency Kit, which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick and so far it seems to be pretty damned good at detecting all kinds of bugs, and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.
ACs don't waste your time replying, your posts are never seen by me.
This isn't malware. It's a javascript on a web page.
Calling this malware is like calling a firecracker a weapon of mass destruction.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.
That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I thought we were past the "being surprised that websites get hacked" years ago.
This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It's just a site that uses javascript to try and keep you from leaving, which is hard to get out of on safari because if you forcequit safari, safari "recovers" the page when you open it again.
If I have been able to see further than others, it is because I bought a pair of binoculars.
A proper anti-virus should work quietly behind the scenes. There's no such thing as a fool-proof AV any more than there's a 100% effective vaccine. For every infected machine we have, we have several dozen more that report blocking infections or at least crippling the malware.
Are you saying you don't use an AV on any of your machines?
But this is not Malware! Just a rouge website with some crafty Javascript! The Windows version actually locks the computer and you are forced to Re-install Windows!! On the Mac version, all you have to do is reset safari from the menu-bar and all is well again! It is very annoying to the end user, but that's all!
How does that foot in your mouth taste? It's not a virus, and not OSX specific - it's just a web page with some annoying Javascript.
Just a rouge website with some crafty Javascript!
What does the color of the web page have to do with anything?
#DeleteChrome
So the GP's point still stands then, any platform with a web browser isn't immune to malware or malware-like scams.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)
And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.
The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Still bitter about that Mac user stealing your girlfriend, I see...
#DeleteChrome
Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.
Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.
The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installing MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.
The brains of a chicken, coupled with the claws of two eagles, may well hatch the eggs of our destruction.
Our corporate Macs which I maintain have an antivirus installed due to policy, but the only thing it ever finds is Windows viruses that arrive via email attachments that manage to get through the email gateway scanner.
The #1 thing that protects our Macs: The user does not have administrative credentials.
The #2 thing that protects our Macs: Applications are all deployed via a centrally managed repository, which allows for #1.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
If "any old one would do" then you should realize that unless they are running an ancient version of OS X, all Macs have antivirus built in. Apple added it several years ago and updates it regularly.
I love how the Windows users get *so* irritated when Mac users point out to them how their machines generally "just work" without all the virus and malware hassles, need for (often costly) anti-virus software and subscriptions, etc.
The only people I see really trying to "pound some sense" into OS X users to use anti-virus software are the companies hawking the stuff.
I use both Windows machines and Macs practically every day. I work in a corporate environment where we're pretty much a 50/50 mix of both platforms, and provide I.T. support for both.
Everyone in our dept. will readily tell you that the Macs are FAR less of a support issue, overall, than the Windows PCs. Nothing in this world is absolute, and it's silly for anyone to make claims involving words like "never". So yes, clearly a handful of viruses HAVE been developed over the years just for Macs and running OS X doesn't make you immune to ever getting a piece of malware. But given a typical use-case of employees using their machines on our corporate network for 8 hours every weekday, doing lots of email, editing of documents, printing of documents, online purchasing, research, etc. etc. -- the Macs have so far NEVER been infected with a virus since we've owned them. The Windows machines have caused multiple serious virus outbreaks, requiring days of effort restoring files on the servers.
We actually bought ESET anti-virus for some of our Macs to try it out, but it just didn't make much financial sense in the end. (The OS X version of their product is far behind the Windows edition in ability to do central administration and updates, and it seemed to just be one more thing to use up system resources.)