Apple Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 07/16/2013 10:53:47 PM PDT by Swordmaker
Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.
Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”
Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.
The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.
The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.
If you want on or off the Mac Ping List, Freepmail me.
My daughter’s laptop caught this one....had to take it in to Best Buy to get it restored...system restore was possible but the malware (or whatever it’s called) kept it from taking the system restore back far enough.....think it put a false date for the malware install.
Unpossible - everyone knows this cannot happen to a Mac.
Funny i see a thread on this the day after it happened to my wife’s desktop. She was searching glassware prices and got this on her windows desktop.
alt/ctl/delete, stop the browser, empty the cache folder completely, then restart the browser.
The bad guys who write the variants on this malware are good. Very good. It changes constantly. It gets harder to clean each time.
With the ecosystem of the Mac pretty much demanding that the only real remedy is the “restore” I wonder what will happen once most of the malware damages restore so it won’t work properly? People will be REALLY happy then. :) Guess what, just like Windows, but without the decades of experience making cleanup tools.
I had one of these pop up while viewing the Marlin firearms page, kind of lost the scare tactic of “viewing an unlawful porn site” when I was looking at firearms. I was using windows and all I did was reboot to safe mode, restore my system and viola! bad scary web page was gone for good. Pissed me off somewhat however and those guys better hope I never find out who they are.
So, are they jumping all the iphone-users?
Some of these boys are good enough - and professional “AV” people, working at av companies.
We know this. And have delivered the proof (sources, bins and proof-of-origin) to the police. So far, no reaction.
I got this stuff a couple of times years ago but ìt came with a logo that mimicked the AVG logo and said my machine had 20,000 virii and I had to update my antivirus software by using my credit card to send, yes- $300, over a supposedly secure website the warning was trying to direct me to. I got rid of it myself and added Malwarebytes to my arsenal and it is the last virus or other malware to have troubled me.
this happens on Windows - usually its already too late
Perhaps you should try an antivirus.
I have seen it - Win - will not let user even open program manager
F8- fix-restore
it did not seem to have safe mode - which threw me off
It's not a virus or even a Trojan, just a nuisance WEBSITE script that won't go away until you respond to it 150 times. . . It would work on a Windows 8 machine too. But since they don't restore previous sessions automatically... They don't revert.
No, you are wrong. The Mac ecosystem does not rely on the restore but on time machine. Much easier. This was NOT malware. Just a JAVE script trick. Easy to get out of and does not even require time machine, or anything but relaunching Safari. There was no "damage" and no malware can damage them system software on a Mac. It does not operate with the permissions like a Windows machine that allow that to happen.
Nope... Not possible. iPhone doesn't lock up with requesters or restore sessions in the same way. Easy reset too. Different handling of tabs and windows.
Read the article... It's NOT A VIRUS OR EVEN A TROJAN. It's a malicious website . . . It invokes a repetitious JAVA script, that's all, no virus checker can catch this. It's easily gotten out of with the proper knowledge of how to use your Safari browser.
on Windows the same-looking thins is a virus
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.