Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

timothy posted 1 year,14 days | from the receipt-is-useless dept.

OS X 173

An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

cancel ×

173 comments

Sorry! There are no comments related to the filter you selected.

Ok? (4, Insightful)

i kan reed (749298) | 1 year,14 days | (#44298047)

I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?

Re:Ok? (2, Funny)

Anonymous Coward | 1 year,14 days | (#44298135)

Apple never have bugs, everything is perfect. Move along now, citizen.

Re:Ok? (2, Funny)

Anonymous Coward | 1 year,14 days | (#44298145)

You know the "x on the internet" effect in which it is somehow more novel than x by itself?
Well "x on a mac" effect is even worse.

Re:Ok? (3, Funny)

Anonymous Coward | 1 year,14 days | (#44298405)

Don't let the patent office hear that.

fixed in 3, 2, 1... (0)

noh8rz9 (2716595) | 1 year,14 days | (#44298779)

...aaand, it's fixed. Apple added the malware to its block list, which all computers update on an hourly basis. another strength of the apple platform, they can quickly shut down anything that gets through their protection net.

Re:Ok? (5, Informative)

SSpade (549608) | 1 year,14 days | (#44298163)

It's not malware. It's just a webpage.

Gullibility isn't OS-specific.

Re:Ok? (1)

SJHillman (1966756) | 1 year,14 days | (#44298463)

Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.

Re:Ok? (1)

fazey (2806709) | 1 year,14 days | (#44299233)

Depends on the payload really. I dont know the details of the exploit, but if it requires dumping shellcode... that would make it OS specific.

Re:Ok? (5, Informative)

Rosyna (80334) | 1 year,14 days | (#44299315)

there's no payload and no exploit involved. it's just a webpage that opens another webpage when you try to close it.

Re:Ok? (4, Insightful)

fazey (2806709) | 1 year,14 days | (#44300181)

So how is this "mac specific" or an "exploit"... and not just... a popup?

FTFY (3, Insightful)

SuperKendall (25149) | 1 year,14 days | (#44298315)

I thought we were past the "being surprised that websites get hacked" years ago.

This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

Re:FTFY (0)

Anonymous Coward | 1 year,14 days | (#44298601)

I thought the annoying thing about the infection was the ransom notice put up by the bad guys. This part is okay with you, just not news that it hit OSX?

Re:FTFY (1)

meerling (1487879) | 1 year,14 days | (#44298955)

It's software that is intended for a malicious purpose contrary the wants and needs of the user.
It is malware, it's just not running from a platform usually used for such things.
I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.
(And yes, those ms word worms are viruses because they are infecting an executable code, even if it's something most people don't realize is executable code. And executable code does not mean .exe files, though those are one type of executable code.)

Re:FTFY (1)

SuperKendall (25149) | 1 year,14 days | (#44299051)

I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.

No, they are all location on your system. And they have wide access to your system.

Javascript going a bit wild is not malware, any more than any advertisement or popup is. It's just a hacked site.

Re:FTFY (3, Insightful)

jimicus (737525) | 1 year,14 days | (#44299319)

It is malware, it's just not running from a platform usually used for such things.

True, but the important point is the platform in question is not OS X and it is somewhat disingenuous to pretend it is. The platform is "any web browser that automatically reloads the last visited site if you force it to quit".

Re:FTFY (0, Troll)

recoiledsnake (879048) | 1 year,14 days | (#44299281)

The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

Are you implying that OSX isn't vulnerable to malware?

Re:Ok? (1)

interkin3tic (1469267) | 1 year,14 days | (#44298455)

A few weeks ago, the computer in my lab that is connected to two somewhat expensive bits of equipment came down with this. That was more surprising to me. It's connected to the gel imager and is in a common area. People put agarose gels in the imager and then forget to take off their gloves to use the computer. The keyboard is probably covered in ethidium bromide. [wikipedia.org] Why someone would be watching porn on it is beyond me.

I guess on the bright side, semen being on the keyboard isn't a huge concern compared to the EtBr, but the ransomware prevented some people from doing their research. It said we could unlock it and avoid prosecution by paying $300 at the local CVS. I guess that sounds like a good deal to some people, possibly the person who was jerking off with carcinogens.

Re:Ok? (2, Insightful)

Samantha Wright (1324923) | 1 year,14 days | (#44299213)

...well, there's a pretty simple way to check whether or not your fears are founded. Just shine a UV lamp on the keyboard and examine the shapes of the stains. This is like the forensic chemistry equivalent of a textbook physics problem set in a textbook factory.

Porn parity (0)

Anonymous Coward | 1 year,14 days | (#44298081)

At long last, porn parity for the Mac true believers.

Not so Invulnerable now, huh...? (0, Troll)

Anonymous Coward | 1 year,14 days | (#44298099)

I'm not saying Mac OS X has more viruses than Windows, but almost every Mac user I know has this pretentious attitude that they're invulnerable just by virtue of running Mac OS X. Maybe this will help pound some sense into them.

Re:Not so Invulnerable now, huh...? (-1, Offtopic)

SJHillman (1966756) | 1 year,14 days | (#44298175)

We've had issues with employees who want to use their Mac on our network and then raising hell at being required to put an antivirus on it before we'll allow them to connect (we don't even specify an antivirus... any old one will do as long as it's up to date).

Re:Not so Invulnerable now, huh...? (1)

Holi (250190) | 1 year,14 days | (#44298227)

What good does anti-virus software even do. Every machine I have come across that is infected has an up to date av package on it. It doesn't even slow down an infection anymore.

Re:Not so Invulnerable now, huh...? (2)

SJHillman (1966756) | 1 year,14 days | (#44298421)

A proper anti-virus should work quietly behind the scenes. There's no such thing as a fool-proof AV any more than there's a 100% effective vaccine. For every infected machine we have, we have several dozen more that report blocking infections or at least crippling the malware.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | 1 year,14 days | (#44298547)

Anti-virus is really at best 30% effective nowadays anyways..

Re:Not so Invulnerable now, huh...? (1, Flamebait)

flyingfsck (986395) | 1 year,14 days | (#44298335)

Antivirus - to do what? Your ignorance is astounding and you work in IT? Sigh...

Re:Not so Invulnerable now, huh...? (2)

SJHillman (1966756) | 1 year,14 days | (#44298431)

Are you saying you don't use an AV on any of your machines?

Re:Not so Invulnerable now, huh...? (2, Informative)

Vidar Leathershod (41663) | 1 year,14 days | (#44298833)

Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.

Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.

The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installed MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.

Re:Not so Invulnerable now, huh...? (0)

cusco (717999) | 1 year,14 days | (#44299317)

My wife's nieces and nephews hang out in Internet cafes in Peru, which are virus breeding grounds. We frequently get sent crap through their accounts, and so far Windows Defender and MS Internet Essentials have blocked everything. If you think that antivirus software doesn't do anything than you're living in a fantasy world.

Are you sure? (1)

fuzznutz (789413) | 1 year,14 days | (#44300359)

[...] and so far Windows Defender and MS Internet Essentials have blocked everything.

That you know about...

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | 1 year,14 days | (#44299693)

It's my experience that trend micro stops some malware, I use windows defender and it's ok. But yes user habits seem to be the strongest indicator of who is gonna get a virus.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | 1 year,14 days | (#44299491)

No i don't. I use Linux.

Someone had to say it! :)

Re:Not so Invulnerable now, huh...? (1)

Rosyna (80334) | 1 year,14 days | (#44299347)

Perhaps you should become aware of XProtect.

Re:Not so Invulnerable now, huh...? (2)

acariquara (753971) | 1 year,14 days | (#44298199)

2003 called, they wanted their scaremongering back.

If you use OSX and practice safe computing (that means NO JAVA FOR YOU), then yea, you're tough as nails to crack. No OS is idiot-proof, though.

The same can't be said for many variants of Windows, especially those still using XP where inserting an infected thumb drive will wreck havoc on your system, hell no, on your entire enterprise network.

Re:Not so Invulnerable now, huh...? (1)

war4peace (1628283) | 1 year,14 days | (#44298255)

If your 2013 enterprise network is vulnerable to infection spread from a Windows XP machine... trust me, the cause isn't that an unpatched Windows XP installation caught a cough.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | 1 year,14 days | (#44298353)

I've been running on Windows for the past 20 years, and the amount of infections (despite regularly hitting up the warez sites) I can count on one hand.

Also, last time I inserted any USB into my XP box, it popped up a dialog asking what I should do with it. So ya, fanboy will be fanboy.

Re:Not so Invulnerable now, huh...? (2)

MachineShedFred (621896) | 1 year,14 days | (#44299481)

Our corporate Macs which I maintain have an antivirus installed due to policy, but the only thing it ever finds is Windows viruses that arrive via email attachments that manage to get through the email gateway scanner.

The #1 thing that protects our Macs: The user does not have administrative credentials.
The #2 thing that protects our Macs: Applications are all deployed via a centrally managed repository, which allows for #1.

Re:Not so Invulnerable now, huh...? (5, Funny)

MachineShedFred (621896) | 1 year,14 days | (#44298225)

This isn't malware. It's a javascript on a web page.

Calling this malware is like calling a firecracker a weapon of mass destruction.

Re:Not so Invulnerable now, huh...? (2)

AmiMoJo (196126) | 1 year,14 days | (#44298621)

So the GP's point still stands then, any platform with a web browser isn't immune to malware or malware-like scams.

Re:Not so Invulnerable now, huh...? (1)

hjf (703092) | 1 year,14 days | (#44298689)

Is it? A malware program like this has been attacking windows computer lately. It scans IPs for port 3389 (remote desktop) and then tries to brute force into the system. Once it's inside, it runs a script that RARs all your files with a huge random password. Then they demand a $2000 ransom to recover it.

It happened to a customer of mine who "refused to run a VPN because it slowed things down" and had port 3389 open to the public. There are also scans on port 5900 (VNC server).

To be fair: neither an antivirus, nor Mac "invulnerability" would protect you from a brute force attack on remote access ports and using your user account to encrypt data. This particular virus doesn't even need administrative privileges to work.

Re:Not so Invulnerable now, huh...? (1)

zieroh (307208) | 1 year,14 days | (#44299071)

This isn't that malware. This is just an annoying bit of javascript.

Re:Not so Invulnerable now, huh...? (0)

Anonymous Coward | 1 year,14 days | (#44298929)

It does fit the broad definition of "malware".

It is not however that big a deal because it's basically the same level of threat as phishing emails. All you need to defeat it is a modicum of common sense. Really it's probably most effective against teenagers, and the terminally stupid both of which could use the lesson.

No, still pretty invulnerable... (4, Informative)

SuperKendall (25149) | 1 year,14 days | (#44298271)

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

Re:No, still pretty invulnerable... (1)

dragon-file (2241656) | 1 year,14 days | (#44300317)

No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

A user can go along time without seeing virus and malware in OSX because OSX holds 7.18% of the market as opposed to Windows 7 and XP at a combined total of 81%.

If I were to write malicious code with the intent to prey on the gullible and make quick money which OS would I target?

Re:Not so Invulnerable now, huh...? (2)

ClaraBow (212734) | 1 year,14 days | (#44298451)

But this is not Malware! Just a rouge website with some crafty Javascript! The Windows version actually locks the computer and you are forced to Re-install Windows! ! On the Mac version, all you have to do is reset safari from the menu-bar and all is well again! It is very annoying to the end user, but that's all!

Re:Not so Invulnerable now, huh...? (4, Funny)

93 Escort Wagon (326346) | 1 year,14 days | (#44298615)

Just a rouge website with some crafty Javascript!

What does the color of the web page have to do with anything?

Re:Not so Invulnerable now, huh...? (1)

ClaraBow (212734) | 1 year,14 days | (#44298719)

Oops! Should have read: rogue! Oh, but rouge rogue does have a nice ring to it!

Re:Not so Invulnerable now, huh...? (1)

93 Escort Wagon (326346) | 1 year,14 days | (#44298807)

"The Rouge Rogue" sounds like a supervillian from the 1950s!

Re:Not so Invulnerable now, huh...? (1)

Em Adespoton (792954) | 1 year,14 days | (#44298755)

Just a rouge website with some crafty Javascript!

What does the color of the web page have to do with anything?

It's from the red light district....

Re:Not so Invulnerable now, huh...? (1)

hjf (703092) | 1 year,14 days | (#44298749)

Different viruses. The one for windows attacks through RDP port. I've seen scans on port 5900 too. Nothing would keep a similar virus from attacking Mac if you run any sort of remote access and a weak password.

The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

Re:Not so Invulnerable now, huh...? (1)

jimicus (737525) | 1 year,14 days | (#44299365)

The virus for windows encrypt your files and demands a ransom. Nothing would keep a similar virus from doing the same on a mac, since you don't need admin privileges or any sort of exploit to manipulate your own files.

Almost certainly would be a trojan rather than a virus in that case.

Mind you, it's a bit rich to equate "Macs don't get viruses" (true) with "Macs are immune to all forms of malware" (patently false).

Not a virus, how does your foot taste? (4, Insightful)

raymorris (2726007) | 1 year,14 days | (#44298569)

How does that foot in your mouth taste? It's not a virus, and not OSX specific - it's just a web page with some annoying Javascript.

Well I will just tell my wife... (0)

Anonymous Coward | 1 year,14 days | (#44298107)

Well I will just tell my wife that i don't use Safari to surf for porn. Crisis averted.
(I use Firefox Private browsing for that.)
Hmmm...We are good unless she uses Safari for that!!???

Malware (5, Informative)

AlreadyStarted (523251) | 1 year,14 days | (#44298115)

Is this really malware? It's just a webpage with annoying javascript...

Re:Malware (1)

sjames (1099) | 1 year,14 days | (#44298165)

In a minor sense, since the javascript is software.

really there should be a good way to kill the page without resetting everything in the browser.

Re:Malware (2)

AlreadyStarted (523251) | 1 year,14 days | (#44298249)

Looks like holding shift while starting safari solves the problem. No browser reset required. Holding shift tells safari not to open previously open tabs/windows.

Re:Malware (1)

FellowConspirator (882908) | 1 year,14 days | (#44298297)

You could enable the the "Develop" menu in preferences and then select "Disable JavaScript" on the problematic page without having to reset anything (you could also open the JavaScript console and stop it). This really has nothing to do with OS X and isn't even browser-specific. There's, of course, a browser-specific answer to it (it only takes a few minutes to create a Safari plug-in to block it).

Re:Malware (0)

Anonymous Coward | 1 year,14 days | (#44298399)

really there should be a good way to kill the page without resetting everything in the browser.

There is:
- open the JavaScript console
- type (or paste) "function areYouSure() { return false ; } " (without the quotes) at the prompt
- next time the function is called it won't prompt

I guess you could also just set i = 150 and stop the iframe madness.

Re:Malware (1)

acariquara (753971) | 1 year,14 days | (#44298243)

But MACS!!! ARE!!! NOT!!! IMMUNE!!! TO!!! BAD!!! THINGS!!! is way catchier.

Filter: I know it's yelling, I am trying to make a point here.

Re:Malware (1)

SJHillman (1966756) | 1 year,14 days | (#44298257)

The definition in the article is "ransomware is malware which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated"

I'd say it qualifies. It restricts access to the computer. Malware usually follows the KISS principle better than most other software, which is one of the reasons why it can become so widespread even though a commercial software package can be a pain in the ass to get it to work. If your software absolutely, positively has to run on every possible computer, talk to a malware author.

Safari related bug (1)

sosume (680416) | 1 year,14 days | (#44298131)

Clever use of a bug in Safari, who would have thought of that.. I'd say the US should be able to knock out this site in a few minutes, by using the provisions in the SOPA act. Right?

I call B.S. (0)

sammy_cda (783295) | 1 year,14 days | (#44298137)

Everyone knows Macs don't get virus right? ;-)

Re:I call B.S. (0)

Anonymous Coward | 1 year,14 days | (#44298411)

Everyone knows Macs don't get virus right? ;-)

This is due to the raw organic diet apples products are raised on. It also means they don't need polio vaccines because their immune systems are so strong they'd never get polio anyway. The problem though is that some people aren't keeping the raw organic diet intended for apple products which is comprising their immune systems along with leading to overall poor health and sluggishness. Also, your Apple product needs at least 3 hours of mediation a day to keep it's chakras online. The good news is if you return your product to a raw organic diet and make sure it gets it's mediation, the immune system of your apple product will return to full strength and kill the virus.

That's right! (0)

Anonymous Coward | 1 year,14 days | (#44298525)

Apple products get worms.

Re:I call B.S. (0)

Anonymous Coward | 1 year,14 days | (#44298769)

Of course they do but this isn't a virus, trojan or even malware.

It's just an annoying web page that doesn't let you close it. No different than a page that opens tabs of goatse or plays "MY BOSS IS A CUNT" really loud.

Annoying but not dangerous (unless you fall for it).

Now unless you think Apple shouldn't allow web browsing on Macs then this is a non event.

You can't get "virus" on a mac... (-1)

Anonymous Coward | 1 year,14 days | (#44298167)

But you can still afford a "doctor" if you buy a PC...

The CIA is not law enforcement (1)

intermodal (534361) | 1 year,14 days | (#44298181)

The CIA is and always has been an intelligence/espionage agency. Blurb is incorrect to call them law enforcement

Re:The CIA is not law enforcement (1)

FellowConspirator (882908) | 1 year,14 days | (#44298321)

... and copyright infringement is a tort, not a crime.

Re:The CIA is not law enforcement (1)

Spy Handler (822350) | 1 year,14 days | (#44298785)

I find a surprising number of people who don't know the difference, not just dumb people but even those with normal intelligence who are competent in their fields.

Perhaps we can illustrate with movie examples. CIA = Jason Bourne, assassin we send abroad to kill foreign nationals who create trouble for the U.S. gov't. They only operate outside the USA, as they are forbidden by law to spy on or kill anyone inside the USA.

FBI = Jodi Foster in Silence of the Lambs, police who catch criminals inside the USA. They have no jurisdiction or power outside the USA.

Been on Windows for awhile.. (2, Insightful)

hairyfeet (841228) | 1 year,14 days | (#44298205)

I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public its bullshit, you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.

Now I don't know how it is on OSX but on Windows these kinds of bugs aren't that hard to kill a good tool for the job I've been trying out in the shop is the Emisoft Emergency Kit [emsisoft.com] which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick and so far it seems to be pretty damned good at detecting all kinds of bugs and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.

Re:Been on Windows for awhile.. (0)

Anonymous Coward | 1 year,14 days | (#44298507)

That's just it. This doesn't require a "tool" to remove it. It should affect Windows and linux users just as well. The only difference is that Safari actually reloads the previous pages that were open when you start it back up. So, as a result, this annoying website comes back up. Chrome has the same feature built into it, but it might not be turned on by default.

Unlike the windows version for this that have been showing up for quite some time now, this doesn't install anything. It just gets started and uses normal javascript functionality to prevent you from easily getting rid of it. That same javascript should work the same on most browsers regardless of the OS.

So, no need for special tools for this one. Just learning how to use your computer should be sufficient.

Re:Been on Windows for awhile.. (1)

fermion (181285) | 1 year,14 days | (#44298963)

Not really a bug, but rather an implementation. Unfortunately Safari, like IE, allows websites to change the display of a browser window(for instance, no longer display the URL) and to display modal windows that effectively hijack the browser. While there are a few legitimate reasons to allow this, for the most part they are used to keep people on a page against their will.

A lot of this comes from the effort of MS to turn the web browser into an application front end, and many of the legitimate uses are related to using the browser as a dumb terminal. But the risk is significant. On Windows i have IE, only used for sites I know I have to. I try not to go anywhere questionable on a PC. I have had to reformat my computers twice because of problems. On the Mac I have Safari and Firefox. I also have Chrome but it can't be as locked as much so I only use for Google Drive.

It is too bad that we need multiple browsers, but that is life. I really did not realize how hard it was to get a safe browser until Camino was EOL and I had to switch to, and secure, Firefox.

$300 fine (0)

Anonymous Coward | 1 year,14 days | (#44298251)

$300 fine? For each file? I'm bankrupt!!!!!!

Year of the Macintosh desktop. (0)

Anonymous Coward | 1 year,14 days | (#44298253)

Some finally got around to porting windows viruses to macintosh. I think it's time to declare 2013 year of the Macintosh desktop. Sorry linux.

obviously fake (1)

stenvar (2789879) | 1 year,14 days | (#44298305)

Law enforcement is never that straightforward and efficient.

Re:obviously fake (1)

SJHillman (1966756) | 1 year,14 days | (#44298479)

Or that cheap.

Not malware (2, Informative)

Qzukk (229616) | 1 year,14 days | (#44298319)

It's just a site that uses javascript to try and keep you from leaving, which is hard to get out of on safari because if you forcequit safari, safari "recovers" the page when you open it again.

Re:Not malware (4, Informative)

93 Escort Wagon (326346) | 1 year,14 days | (#44298641)

Hold down "Shift" when you re-launch Safari - that'll solve that problem.

Old... (0)

Anonymous Coward | 1 year,14 days | (#44298355)

I saw that infect someones firefox / windows7 machine once. Was a bitch to remove.

It came from a yahoo site ad.

Welcome to popular mac junkies. You're a target now. But you don't have the tools, and skills to deal with these things.
Where windows users have what... 20+ years of dealin with this crap.

Re:Old... (0)

nedlohs (1335013) | 1 year,14 days | (#44298497)

Really, it was a bitch to remove? It's just a web page. If you can't work out how not to look at a web page in firefox in win7 then I'm not sure why you would be trying to fix anything in the first place...

makes sense (0)

slashmydots (2189826) | 1 year,14 days | (#44298501)

It makes sense for them target Macs because of their users. If a person has no idea how to use a computer or the internet, they get a Mac. So yes, target the people stupid enough to fall for this.

Re:makes sense (3, Insightful)

93 Escort Wagon (326346) | 1 year,14 days | (#44298665)

Still bitter about that Mac user stealing your girlfriend, I see...

Re:makes sense (1)

zieroh (307208) | 1 year,14 days | (#44299291)

Wow. 1999 called. They want their meme back.

Re:makes sense (0)

Anonymous Coward | 1 year,14 days | (#44299333)

Because the procedure for putting any other computer on the Internet is so different from a Mac?

Mac: You plug in the cable, and double click a web browser.
Windows: You plug in the cable, and double click a web browser.
Linux: You plug in the cable, and double click a web browser.

Is this where you tell us you are a director of IT and then go on to spew falsehoods about Mac OS X, like half your other posts?

Art (or spam) imitates life? (1)

xtal (49134) | 1 year,14 days | (#44298647)

The cynic in me wonders how long before this stops being malware and starts being efficient delivery of government policy.

Does not appear to be Safari-specific (3, Informative)

sootman (158191) | 1 year,14 days | (#44298651)

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

Re:Does not appear to be Safari-specific (1)

Em Adespoton (792954) | 1 year,14 days | (#44299165)

It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

hold down shift when restarting after a force quit.

Windows version (1)

phorm (591458) | 1 year,14 days | (#44299893)

I've dealt with the windows version on a few client PC's. It can be a bit of a PITA, but in the cases I've dealt with still seemed to be locked to a given user account (and not the OS).

Doesn't make it any less of a PITA to remove from a user account, especially since it buggers permissions, but the easiest way is usually to create a new user, then boot from safe media, and copy/scan the user's old files to the new account.

Disable JavaScript (1)

Dak RIT (556128) | 1 year,14 days | (#44298693)

Disable JavaScript[1], close page, there's no step 3.

[1] Preferences -> Security Tab -> uncheck 'Enable JavaScript'

$300 FBI fine? (1)

tech.kyle (2800087) | 1 year,14 days | (#44298759)

Where can I get a copy of this malware? Tell the FBI to just deposit the $300 in my savings account.

I'm slightly happy the news is making as much of a fuss over this as they are. As IT, I'm tired of people going "It can't be my problem, I have a Mac."

Most misleading title of the day? (1)

Anonymous Coward | 1 year,14 days | (#44298913)

Since when does "fake FBI warning page with some javascript to prevent you from closing it" qualify as "malware"?

It's like the submitter didn't even RTFA...

So Safari is broken? (1)

140Mandak262Jamuna (970587) | 1 year,14 days | (#44299007)

Even if the user knows it is a fake warning, and even if the user knows it is the site that has been hacked, if Safari will not let the user close the page and move on, it is broken. It should be fixed. Does Safari always restore the old sessions without allowing the user a chance to start fresh sessions? If not it is broken.

Re:So Safari is broken? (1)

MachineShedFred (621896) | 1 year,14 days | (#44299389)

You can turn off that behavior in the app Preferences, which is not locked out by this "malware." Also, hold shift while launching Safari after the force quit, and it won't re-open to last visited.

Desperate (1)

zieroh (307208) | 1 year,14 days | (#44299103)

Calling this malware is a pretty desperate stretch.

We've had these for years (1)

vikingpower (768921) | 1 year,14 days | (#44299179)

Dudes, in Germany and Austria and Switzerland, these scams have been around for years. They usually tell you that your computer has been locked by the police, and that you need to pay a fine in order to get it unblocked. Nothing new here. News at eleven.

Irony (1)

BStorm (107974) | 1 year,14 days | (#44299325)

Yesterday there was a posting about Chris Sevier [slashdot.org] suing Apple for causing his porn addiction. Maybe Chris needs to be infected with this malware.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>