Posted on 07/16/2013 10:53:47 PM PDT by Swordmaker
Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.
Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”
Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.
The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.
The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.
I thought macs didn’t get viruses. I guess that’s a myth.
Yes, it is... But they can’t get one into an OSX Mac.They’ve tried for fifteen years since OSX Server came out in 1998. Viruses have no viable vector, and the Trojans are being identified by the OS and the user is being warned against downloading them, so they faked their malware with this hokey WEBPAGE as a “quasi-Trojan”, using the JAVA scripting built into HTML coding, hoping to fool users into paying them to do something totally unnecessary. The user can either click the “Leave this Page” requester 150 times to dismiss the script, or much more easier, just quit the Safari browser and relaunch Safari holding down the Shift key to prevent reloading the tabs and pages he’d been visiting before. Voilá! Problem solved. No big deal.
also no problem on my Linux
And this IS NOT A VIRUS. it's not even truly Malware—it's not installed on the computer, downloaded to it, or even running on it—it's a maliciously designed website that uses a particularly long recurring requestor loop in a JAVA script to give the illusion that your browser has been locked. In a way, you might call it a Quasi-Trojan, but it fails to meet even the loose definition of a Trojan horse app. It's more of a snare, a trap, or perhaps a puzzle page.
Like all computers on which applications can be downloaded and installed, Macs ARE vulnerable to Trojan Horse Applications that claim to offer a benefit but also carry a malevolent payload. These use "Social Engineering" means to persuade the user to install the malware themselves. There are currently about forty known Trojans for Mac OSX in about seven families. Apple Mac OSX has a built-in system to identify these known trojans and any variants based on them. OSX warns the user if he attempts to download, install, or run one of these known or variant Trojans. Apple pushes updates as necessary. These Trojans are not considered "viruses" by definition.
A computer virus is malware that is self-replicating, self-transmitting, and self-installing. There have been about fifteen or sixteen attempts at creating a true OSX virus in the past twelve years. . . all have been abject failures for a simple reason: the lack of a viable vector in OSX that could be exploited to promulgate the infection, and the lack of a reliable method of guaranteed installation. One candidate used Blutooth as a vector to transmit his virus. However, it took two Macworld techs, and two Semantic security engineers SIX HOURS just to get it to copy itself from one Mac to another. . . And then, it wouldn't run because it hadn't installedh! Another was successful in copying itself to another Mac via WIFI as data, but was stymied because the data stacks on Macs are hardware non-executable memory locations and code cannot be executed in data stacks. FAIL!
So, Macs are pretty secure when it comes to malware, compared to the competition. . . And it's not because of obscurity. It's by design.
“So, Macs are pretty secure when it comes to malware”
Apparently not secure enough.
(Sigh)
This is not a virus or a trojan. It does not install any software on your computer. It does not access any information on your computer. It’s a javascript that launches 150 windows. That’s all. It’s more social engineering than malware.
Are you seriously comparing a web page with 150 popup windows to a Windows virus that causes permanent corruption to system files? I knew once I saw people talking about "restore" that we were dealing with dumb Windows users. This ransonware may prove there are dumb Mac users, but their dumbness doesn't result in system file alteration. It would be interesting to see the hit rate for such malware on Mac vs PC.
It's not a virus or even a Trojan, just a nuisance WEBSITE script that won't go away until you respond to it 150 times. . . It would work on a Windows 8 machine too. But since they don't restore previous sessions automatically... They don't revert.Unpossible - everyone knows this cannot happen to a Mac.
A friend was just asking me about “malware,” which term she didn’t understand. As compared to a virus. I told her that malware was whatever anyone induces your computer to do that you don’t want it to do. So if you look at it that way, simply clicking on a link - it even happen to me on FR once - which had been contaminated with a porno picture would qualify as "induces your computer to do that you don’t want it to do."On a related topic, I should probably to to the Apple Store and get the “genius” (their term for “tech” which is crafted to be polite to the customer by suggesting that you don’t have to be stupid to have difficulty with a computer) to explain to me some of the fool things I have been doing lately to cause my Mac to sometimes get the “slows.”Probably just too many tabs open in Safari, or sumpn.
I run OSX, which is basically unix. You cannot damage the unix OS without the root password. That is why unix systems are not very susceptible to viruses. Now Safari OTH, an application running on OSX can be hacked. But that has nothing to do with the underlying OSX.
Show me anything that is "secure enough."
How many icons do you have on your desktop? That is one thing that will slow down an OSX Mac. Too many and it can slow things significantly. Keep them to just Aliases of folders elsewhere on your hard drive and the problem will go away.
Also, leave your Mac on overnight. The Mac’s UNIX system does housekeeping tasks such as that memory recovery that PAengineer mentioned and defragging and optimizing of the hard drives when the system has been idle for a period. . . but if you turn it off instead of just letting it go to sleep, these never get done. Leave it turned on.
By-the-way, you are STILL misunderstanding this. This is not at all about security. Nothing was breeched with this illusion. Nobody's computer was violated. Nothing was stolen. People MAY have been tricked into GIVING these people $300, freely, because they believed they had to, to get their computers back into working condition, but that was ALL ILLUSION, a trick.
The web browser was just forced into opening 150 sub-windows on the screen, one on top of the other, each demanding to be closed, before the main screen could be closed, or before the user could move to another tab or window. JAVA has that ability built into it to make sure that transactions are fully completed and not left hanging or secure data is not left where it can be mined. These miscreants have merely used it for no good. Combine that with Apple's reloading of previous browser sessions on opening of the browser, and you have a nightmare to get out of it.
There is a simple way, if the user knows it. Most do not, so I posted that solution on FreeRepublic.
Thanks
Anyone who isn’t running NoScript and only selectively enabling JS as needed is a fool, these days...more proof here.
Your daughter’s laptop wasn’t a Mac, was it? Best Buy folks are incredibly ignorant of computer repair - and Macs - LOL...
But to get back to the original post - this isn’t really malware. It is simply a web page opening a bunch of windows via javascript (a big vector for all sorts of computer issues these days). But no computer “catches” this.
Now - there are trojans that show similar behavior - maybe that is what your daughter’s laptop was infected with (assuming again it is not a Mac - which there still isn’t a major threat for).
hitmanpro worked for me when nothing else would
had to use a thumbdrive from another computer and start in boot mode
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.