Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

timothy posted about a year ago | from the receipt-is-useless dept.

OS X 173

An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

cancel ×

173 comments

Sorry! There are no comments related to the filter you selected.

Ok? (4, Insightful)

i kan reed (749298) | about a year ago | (#44298047)

I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?

Re:Ok? (2, Funny)

Anonymous Coward | about a year ago | (#44298135)

Apple never have bugs, everything is perfect. Move along now, citizen.

Re:Ok? (2, Funny)

Anonymous Coward | about a year ago | (#44298145)

You know the "x on the internet" effect in which it is somehow more novel than x by itself?
Well "x on a mac" effect is even worse.

Re:Ok? (3, Funny)

Anonymous Coward | about a year ago | (#44298405)

Don't let the patent office hear that.

fixed in 3, 2, 1... (0)

noh8rz9 (2716595) | about a year ago | (#44298779)

...aaand, it's fixed. Apple added the malware to its block list, which all computers update on an hourly basis. another strength of the apple platform, they can quickly shut down anything that gets through their protection net.

Re:Ok? (5, Informative)

SSpade (549608) | about a year ago | (#44298163)

It's not malware. It's just a webpage.

Gullibility isn't OS-specific.

Re:Ok? (1)

SJHillman (1966756) | about a year ago | (#44298463)

Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.

Re:Ok? (1)

fazey (2806709) | about a year ago | (#44299233)

Depends on the payload really. I dont know the details of the exploit, but if it requires dumping shellcode... that would make it OS specific.

Re:Ok? (5, Informative)

Rosyna (80334) | about a year ago | (#44299315)

there's no payload and no exploit involved. it's just a webpage that opens another webpage when you try to close it.

Re:Ok? (4, Insightful)

fazey (2806709) | about a year ago | (#44300181)

So how is this "mac specific" or an "exploit"... and not just... a popup?

FTFY (3, Insightful)

SuperKendall (25149) | about a year ago | (#44298315)

I thought we were past the "being surprised that websites get hacked" years ago.

This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

Re:FTFY (0)

Anonymous Coward | about a year ago | (#44298601)

I thought the annoying thing about the infection was the ransom notice put up by the bad guys. This part is okay with you, just not news that it hit OSX?

Re:FTFY (1)

meerling (1487879) | about a year ago | (#44298955)

It's software that is intended for a malicious purpose contrary the wants and needs of the user.
It is malware, it's just not running from a platform usually used for such things.
I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.
(And yes, those ms word worms are viruses because they are infecting an executable code, even if it's something most people don't realize is executable code. And executable code does not mean .exe files, though those are one type of executable code.)

Re:FTFY (1)

SuperKendall (25149) | about a year ago | (#44299051)

I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.

No, they are all location on your system. And they have wide access to your system.

Javascript going a bit wild is not malware, any more than any advertisement or popup is. It's just a hacked site.

Re:FTFY (3, Insightful)

jimicus (737525) | about a year ago | (#44299319)

It is malware, it's just not running from a platform usually used for such things.

True, but the important point is the platform in question is not OS X and it is somewhat disingenuous to pretend it is. The platform is "any web browser that automatically reloads the last visited site if you force it to quit".

Re:FTFY (0, Troll)

recoiledsnake (879048) | about a year ago | (#44299281)

The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

Are you implying that OSX isn't vulnerable to malware?

Re:Ok? (1)

interkin3tic (1469267) | about a year ago | (#44298455)

A few weeks ago, the computer in my lab that is connected to two somewhat expensive bits of equipment came down with this. That was more surprising to me. It's connected to the gel imager and is in a common area. People put agarose gels in the imager and then forget to take off their gloves to use the computer. The keyboard is probably covered in ethidium bromide. [wikipedia.org] Why someone would be watching porn on it is beyond me.

I guess on the bright side, semen being on the keyboard isn't a huge concern compared to the EtBr, but the ransomware prevented some people from doing their research. It said we could unlock it and avoid prosecution by paying $300 at the local CVS. I guess that sounds like a good deal to some people, possibly the person who was jerking off with carcinogens.

Re:Ok? (2, Insightful)

Samantha Wright (1324923) | about a year ago | (#44299213)

...well, there's a pretty simple way to check whether or not your fears are founded. Just shine a UV lamp on the keyboard and examine the shapes of the stains. This is like the forensic chemistry equivalent of a textbook physics problem set in a textbook factory.

Porn parity (0)

Anonymous Coward | about a year ago | (#44298081)

At long last, porn parity for the Mac true believers.

Not so Invulnerable now, huh...? (0, Troll)

Anonymous Coward | about a year ago | (#44298099)

I'm not saying Mac OS X has more viruses than Windows, but almost every Mac user I know has this pretentious attitude that they're invulnerable just by virtue of running Mac OS X. Maybe this will help pound some sense into them.

Re:Not so Invulnerable now, huh...? (-1, Offtopic)

SJHillman (1966756) | about a year ago | (#44298175)

We've had issues with employees who want to use their Mac on our network and then raising hell at being required to put an antivirus on it before we'll allow them to connect (we don't even specify an antivirus... any old one will do as long as it's up to date).

Re:Not so Invulnerable now, huh...? (1)

Holi (250190) | about a year ago | (#44298227)

What good does anti-virus software even do. Every machine I have come across that is infected has an up to date av package on it. It doesn't even slow down an infection anymore.

Re:Not so Invulnerable now, huh...? (2)

SJHillman (1966756) | about a year ago | (#44298421)

A proper anti-virus should work quietly behind the scenes. There's no such thing as a fool-proof AV any more than there's a 100% effective vaccine. For every infected machine we have, we have several dozen more that report blocking infections or at least crippling the malware.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | about a year ago | (#44298547)

Anti-virus is really at best 30% effective nowadays anyways..

Re:Not so Invulnerable now, huh...? (1, Flamebait)

flyingfsck (986395) | about a year ago | (#44298335)

Antivirus - to do what? Your ignorance is astounding and you work in IT? Sigh...

Re:Not so Invulnerable now, huh...? (2)

SJHillman (1966756) | about a year ago | (#44298431)

Are you saying you don't use an AV on any of your machines?

Re:Not so Invulnerable now, huh...? (2, Informative)

Vidar Leathershod (41663) | about a year ago | (#44298833)

Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.

Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.

The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installed MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.

Re:Not so Invulnerable now, huh...? (0)

cusco (717999) | about a year ago | (#44299317)

My wife's nieces and nephews hang out in Internet cafes in Peru, which are virus breeding grounds. We frequently get sent crap through their accounts, and so far Windows Defender and MS Internet Essentials have blocked everything. If you think that antivirus software doesn't do anything than you're living in a fantasy world.

Are you sure? (1)

fuzznutz (789413) | about a year ago | (#44300359)

[...] and so far Windows Defender and MS Internet Essentials have blocked everything.

That you know about...

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | about a year ago | (#44299693)

It's my experience that trend micro stops some malware, I use windows defender and it's ok. But yes user habits seem to be the strongest indicator of who is gonna get a virus.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | about a year ago | (#44299491)

No i don't. I use Linux.

Someone had to say it! :)

Re:Not so Invulnerable now, huh...? (1)

Rosyna (80334) | about a year ago | (#44299347)

Perhaps you should become aware of XProtect.

Re:Not so Invulnerable now, huh...? (2)

acariquara (753971) | about a year ago | (#44298199)

2003 called, they wanted their scaremongering back.

If you use OSX and practice safe computing (that means NO JAVA FOR YOU), then yea, you're tough as nails to crack. No OS is idiot-proof, though.

The same can't be said for many variants of Windows, especially those still using XP where inserting an infected thumb drive will wreck havoc on your system, hell no, on your entire enterprise network.

Re:Not so Invulnerable now, huh...? (1)

war4peace (1628283) | about a year ago | (#44298255)

If your 2013 enterprise network is vulnerable to infection spread from a Windows XP machine... trust me, the cause isn't that an unpatched Windows XP installation caught a cough.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | about a year ago | (#44298353)

I've been running on Windows for the past 20 years, and the amount of infections (despite regularly hitting up the warez sites) I can count on one hand.

Also, last time I inserted any USB into my XP box, it popped up a dialog asking what I should do with it. So ya, fanboy will be fanboy.

Re:Not so Invulnerable now, huh...? (2)

MachineShedFred (621896) | about a year ago | (#44299481)

Our corporate Macs which I maintain have an antivirus installed due to policy, but the only thing it ever finds is Windows viruses that arrive via email attachments that manage to get through the email gateway scanner.

The #1 thing that protects our Macs: The user does not have administrative credentials.
The #2 thing that protects our Macs: Applications are all deployed via a centrally managed repository, which allows for #1.

Re:Not so Invulnerable now, huh...? (5, Funny)

MachineShedFred (621896) | about a year ago | (#44298225)

This isn't malware. It's a javascript on a web page.

Calling this malware is like calling a firecracker a weapon of mass destruction.

Re:Not so Invulnerable now, huh...? (2)

AmiMoJo (196126) | about a year ago | (#44298621)

So the GP's point still stands then, any platform with a web browser isn't immune to malware or malware-like scams.

Re:Not so Invulnerable now, huh...? (1)

hjf (703092) | about a year ago | (#44298689)

Is it? A malware program like this has been attacking windows computer lately. It scans IPs for port 3389 (remote desktop) and then tries to brute force into the system. Once it's inside, it runs a script that RARs all your files with a huge random password. Then they demand a $2000 ransom to recover it.

It happened to a customer of mine who "refused to run a VPN because it slowed things down" and had port 3389 open to the public. There are also scans on port 5900 (VNC server).

To be fair: neither an antivirus, nor Mac "invulnerability" would protect you from a brute force attack on remote access ports and using your user account to encrypt data. This particular virus doesn't even need administrative privileges to work.

Re:Not so Invulnerable now, huh...? (1)

zieroh (307208) | about a year ago | (#44299071)

This isn't that malware. This is just an annoying bit of javascript.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | about a year ago | (#44298929)

It does fit the broad definition of "malware".

It is not however that big a deal because it's basically the same level of threat as phishing emails. All you need to defeat it is a modicum of common sense. Really it's probably most effective against teenagers, and the terminally stupid both of which could use the lesson.

No, still pretty invulnerable... (4, Informative)

SuperKendall (25149) | about a year ago | (#44298271)

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

Re:No, still pretty invulnerable... (1)

dragon-file (2241656) | about a year ago | (#44300317)

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7 and XP at a combined total of 81%.

If I were to write malicious code with the intent to prey on the gullible and make quick money which OS would I target?

Re:Not so Invulnerable now, huh...? (2)

ClaraBow (212734) | about a year ago | (#44298451)

But this is not Malware! Just a rouge website with some crafty Javascript! The Windows version actually locks the computer and you are forced to Re-install Windows! ! On the Mac version, all you have to do is reset safari from the menu-bar and all is well again! It is very annoying to the end user, but that's all!

Re:Not so Invulnerable now, huh...? (4, Funny)

93 Escort Wagon (326346) | about a year ago | (#44298615)

Just a rouge website with some crafty Javascript!

What does the color of the web page have to do with anything?

Re:Not so Invulnerable now, huh...? (1)

ClaraBow (212734) | about a year ago | (#44298719)

Oops! Should have read: rogue! Oh, but rouge rogue does have a nice ring to it!

Re:Not so Invulnerable now, huh...? (1)

93 Escort Wagon (326346) | about a year ago | (#44298807)

"The Rouge Rogue" sounds like a supervillian from the 1950s!

Re:Not so Invulnerable now, huh...? (1)

Em Adespoton (792954) | about a year ago | (#44298755)

Just a rouge website with some crafty Javascript!

What does the color of the web page have to do with anything?

It's from the red light district....

Re:Not so Invulnerable now, huh...? (1)

hjf (703092) | about a year ago | (#44298749)

Different viruses. The one for windows attacks through RDP port. I've seen scans on port 5900 too. Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.

The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

Re:Not so Invulnerable now, huh...? (1)

jimicus (737525) | about a year ago | (#44299365)

The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

Almost certainly would be a trojan rather than a virus in that case.

Mind you, it's a bit rich to equate "Macs don't get viruses" (true) with "Macs are immune to all forms of malware" (patently false).

Not a virus, how does your foot taste? (4, Insightful)

raymorris (2726007) | about a year ago | (#44298569)

How does that foot in your mouth taste? It's not a virus, and not OSX specific - it's just a web page with some annoying Javascript.

Well I will just tell my wife... (0)

Anonymous Coward | about a year ago | (#44298107)

Well I will just tell my wife that i don't use Safari to surf for porn. Crisis averted.
(I use Firefox Private browsing for that.)
Hmmm...We are good unless she uses Safari for that!!???

Malware (5, Informative)

AlreadyStarted (523251) | about a year ago | (#44298115)

Is this really malware? It's just a webpage with annoying javascript...

Re:Malware (1)

sjames (1099) | about a year ago | (#44298165)

In a minor sense, since the javascript is software.

really there should be a good way to kill the page without resetting everything in the browser.

Re:Malware (2)

AlreadyStarted (523251) | about a year ago | (#44298249)

Looks like holding shift while starting safari solves the problem. No browser reset required. Holding shift tells safari not to open previously open tabs/windows.

Re:Malware (1)

FellowConspirator (882908) | about a year ago | (#44298297)

You could enable the the "Develop" menu in preferences and then select "Disable JavaScript" on the problematic page without having to reset anything (you could also open the JavaScript console and stop it). This really has nothing to do with OS X and isn't even browser-specific. There's, of course, a browser-specific answer to it (it only takes a few minutes to create a Safari plug-in to block it).

Re:Malware (0)

Anonymous Coward | about a year ago | (#44298399)

really there should be a good way to kill the page without resetting everything in the browser.

There is:
- open the JavaScript console
- type (or paste) "function areYouSure() { return false ; } " (without the quotes) at the prompt
- next time the function is called it won't prompt

I guess you could also just set i = 150 and stop the iframe madness.

Re:Malware (1)

acariquara (753971) | about a year ago | (#44298243)

But MACS!!! ARE!!! NOT!!! IMMUNE!!! TO!!! BAD!!! THINGS!!! is way catchier.

Filter: I know it's yelling, I am trying to make a point here.

Re:Malware (1)

SJHillman (1966756) | about a year ago | (#44298257)

The definition in the article is "ransomware is malware which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated"

I'd say it qualifies. It restricts access to the computer. Malware usually follows the KISS principle better than most other software, which is one of the reasons why it can become so widespread even though a commercial software package can be a pain in the ass to get it to work. If your software absolutely, positively has to run on every possible computer, talk to a malware author.

Safari related bug (1)

sosume (680416) | about a year ago | (#44298131)

Clever use of a bug in Safari, who would have thought of that.. I'd say the US should be able to knock out this site in a few minutes, by using the provisions in the SOPA act. Right?

I call B.S. (0)

sammy_cda (783295) | about a year ago | (#44298137)

Everyone knows Macs don't get virus right? ;-)

Re:I call B.S. (0)

Anonymous Coward | about a year ago | (#44298411)

Everyone knows Macs don't get virus right? ;-)

This is due to the raw organic diet apples products are raised on. It also means they don't need polio vaccines because their immune systems are so strong they'd never get polio anyway. The problem though is that some people aren't keeping the raw organic diet intended for apple products which is comprising their immune systems along with leading to overall poor health and sluggishness. Also, your Apple product needs at least 3 hours of mediation a day to keep it's chakras online. The good news is if you return your product to a raw organic diet and make sure it gets it's mediation, the immune system of your apple product will return to full strength and kill the virus.

That's right! (0)

Anonymous Coward | about a year ago | (#44298525)

Apple products get worms.

Re:I call B.S. (0)

Anonymous Coward | about a year ago | (#44298769)

Of course they do but this isn't a virus, trojan or even malware.

It's just an annoying web page that doesn't let you close it. No different than a page that opens tabs of goatse or plays "MY BOSS IS A CUNT" really loud.

Annoying but not dangerous (unless you fall for it).

Now unless you think Apple shouldn't allow web browsing on Macs then this is a non event.

You can't get "virus" on a mac... (-1)

Anonymous Coward | about a year ago | (#44298167)

But you can still afford a "doctor" if you buy a PC...

The CIA is not law enforcement (1)

intermodal (534361) | about a year ago | (#44298181)

The CIA is and always has been an intelligence/espionage agency. Blurb is incorrect to call them law enforcement

Re:The CIA is not law enforcement (1)

FellowConspirator (882908) | about a year ago | (#44298321)

... and copyright infringement is a tort, not a crime.

Re:The CIA is not law enforcement (1)

Spy Handler (822350) | about a year ago | (#44298785)

I find a surprising number of people who don't know the difference, not just dumb people but even those with normal intelligence who are competent in their fields.

Perhaps we can illustrate with movie examples. CIA = Jason Bourne, assassin we send abroad to kill foreign nationals who create trouble for the U.S. gov't. They only operate outside the USA, as they are forbidden by law to spy on or kill anyone inside the USA.

FBI = Jodi Foster in Silence of the Lambs, police who catch criminals inside the USA. They have no jurisdiction or power outside the USA.

Been on Windows for awhile.. (2, Insightful)

hairyfeet (841228) | about a year ago | (#44298205)

I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public its bullshit, you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.

Now I don't know how it is on OSX but on Windows these kinds of bugs aren't that hard to kill a good tool for the job I've been trying out in the shop is the Emisoft Emergency Kit [emsisoft.com] which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick and so far it seems to be pretty damned good at detecting all kinds of bugs and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.

Re:Been on Windows for awhile.. (0)

Anonymous Coward | about a year ago | (#44298507)

That's just it. This doesn't require a "tool" to remove it. It should affect Windows and linux users just as well. The only difference is that Safari actually reloads the previous pages that were open when you start it back up. So, as a result, this annoying website comes back up. Chrome has the same feature built into it, but it might not be turned on by default.

Unlike the windows version for this that have been showing up for quite some time now, this doesn't install anything. It just gets started and uses normal javascript functionality to prevent you from easily getting rid of it. That same javascript should work the same on most browsers regardless of the OS.

So, no need for special tools for this one. Just learning how to use your computer should be sufficient.

Re:Been on Windows for awhile.. (1)

fermion (181285) | about a year ago | (#44298963)

Not really a bug, but rather an implementation. Unfortunately Safari, like IE, allows websites to change the display of a browser window(for instance, no longer display the URL) and to display modal windows that effectively hijack the browser. While there are a few legitimate reasons to allow this, for the most part they are used to keep people on a page against their will.

A lot of this comes from the effort of MS to turn the web browser into an application front end, and many of the legitimate uses are related to using the browser as a dumb terminal. But the risk is significant. On Windows i have IE, only used for sites I know I have to. I try not to go anywhere questionable on a PC. I have had to reformat my computers twice because of problems. On the Mac I have Safari and Firefox. I also have Chrome but it can't be as locked as much so I only use for Google Drive.

It is too bad that we need multiple browsers, but that is life. I really did not realize how hard it was to get a safe browser until Camino was EOL and I had to switch to, and secure, Firefox.

$300 fine (0)

Anonymous Coward | about a year ago | (#44298251)

$300 fine? For each file? I'm bankrupt!!!!!!

Year of the Macintosh desktop. (0)

Anonymous Coward | about a year ago | (#44298253)

Some finally got around to porting windows viruses to macintosh. I think it's time to declare 2013 year of the Macintosh desktop. Sorry linux.

obviously fake (1)

stenvar (2789879) | about a year ago | (#44298305)

Law enforcement is never that straightforward and efficient.

Re:obviously fake (1)

SJHillman (1966756) | about a year ago | (#44298479)

Or that cheap.

Not malware (2, Informative)

Qzukk (229616) | about a year ago | (#44298319)

It's just a site that uses javascript to try and keep you from leaving, which is hard to get out of on safari because if you forcequit safari, safari "recovers" the page when you open it again.

Re:Not malware (4, Informative)

93 Escort Wagon (326346) | about a year ago | (#44298641)

Hold down "Shift" when you re-launch Safari - that'll solve that problem.

Old... (0)

Anonymous Coward | about a year ago | (#44298355)

I saw that infect someones firefox / windows7 machine once. Was a bitch to remove.

It came from a yahoo site ad.

Welcome to popular mac junkies. You're a target now. But you don't have the tools, and skills to deal with these things.
Where windows users have what... 20+ years of dealin with this crap.

Re:Old... (0)

nedlohs (1335013) | about a year ago | (#44298497)

Really, it was a bitch to remove? It's just a web page. If you can't work out how not to look at a web page in firefox in win7 then I'm not sure why you would be trying to fix anything in the first place...

makes sense (0)

slashmydots (2189826) | about a year ago | (#44298501)

It makes sense for them target Macs because of their users. If a person has no idea how to use a computer or the internet, they get a Mac. So yes, target the people stupid enough to fall for this.

Re:makes sense (3, Insightful)

93 Escort Wagon (326346) | about a year ago | (#44298665)

Still bitter about that Mac user stealing your girlfriend, I see...

Re:makes sense (1)

zieroh (307208) | about a year ago | (#44299291)

Wow. 1999 called. They want their meme back.

Re:makes sense (0)

Anonymous Coward | about a year ago | (#44299333)

Because the procedure for putting any other computer on the Internet is so different from a Mac?

Mac: You plug in the cable, and double click a web browser.
Windows: You plug in the cable, and double click a web browser.
Linux: You plug in the cable, and double click a web browser.

Is this where you tell us you are a director of IT and then go on to spew falsehoods about Mac OS X, like half your other posts?

Art (or spam) imitates life? (1)

xtal (49134) | about a year ago | (#44298647)

The cynic in me wonders how long before this stops being malware and starts being efficient delivery of government policy.

Does not appear to be Safari-specific (3, Informative)

sootman (158191) | about a year ago | (#44298651)

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

Re:Does not appear to be Safari-specific (1)

Em Adespoton (792954) | about a year ago | (#44299165)

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

hold down shift when restarting after a force quit.

Windows version (1)

phorm (591458) | about a year ago | (#44299893)

I've dealt with the windows version on a few client PC's. It can be a bit of a PITA, but in the cases I've dealt with still seemed to be locked to a given user account (and not the OS).

Doesn't make it any less of a PITA to remove from a user account, especially since it buggers permissions, but the easiest way is usually to create a new user, then boot from safe media, and copy/scan the user's old files to the new account.

Disable JavaScript (1)

Dak RIT (556128) | about a year ago | (#44298693)

Disable JavaScript[1], close page, there's no step 3.

[1] Preferences -> Security Tab -> uncheck 'Enable JavaScript'

$300 FBI fine? (1)

tech.kyle (2800087) | about a year ago | (#44298759)

Where can I get a copy of this malware? Tell the FBI to just deposit the $300 in my savings account.

I'm slightly happy the news is making as much of a fuss over this as they are. As IT, I'm tired of people going "It can't be my problem, I have a Mac."

Most misleading title of the day? (1)

Anonymous Coward | about a year ago | (#44298913)

Since when does "fake FBI warning page with some javascript to prevent you from closing it" qualify as "malware"?

It's like the submitter didn't even RTFA...

So Safari is broken? (1)

140Mandak262Jamuna (970587) | about a year ago | (#44299007)

Even if the user knows it is a fake warning, and even if the user knows it is the site that has been hacked, if Safari will not let the user close the page and move on, it is broken. It should be fixed. Does Safari always restore the old sessions without allowing the user a chance to start fresh sessions? If not it is broken.

Re:So Safari is broken? (1)

MachineShedFred (621896) | about a year ago | (#44299389)

You can turn off that behavior in the app Preferences, which is not locked out by this "malware." Also, hold shift while launching Safari after the force quit, and it won't re-open to last visited.

Desperate (1)

zieroh (307208) | about a year ago | (#44299103)

Calling this malware is a pretty desperate stretch.

We've had these for years (1)

vikingpower (768921) | about a year ago | (#44299179)

Dudes, in Germany and Austria and Switzerland, these scams have been around for years. They usually tell you that your computer has been locked by the police, and that you need to pay a fine in order to get it unblocked. Nothing new here. News at eleven.

Irony (1)

BStorm (107974) | about a year ago | (#44299325)

Yesterday there was a posting about Chris Sevier [slashdot.org] suing Apple for causing his porn addiction. Maybe Chris needs to be infected with this malware.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>