OS X Crime

OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn 173

Posted by timothy
from the receipt-is-useless dept.
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."
This discussion has been archived. No new comments can be posted.

  • Malware (Score:5, Informative)

    by AlreadyStarted (523251) on Tuesday July 16, 2013 @11:18AM (#44298115)
    Is this really malware? It's just a webpage with annoying JavaScript...
  • Re:Ok? (Score:5, Informative)

    by SSpade (549608) on Tuesday July 16, 2013 @11:21AM (#44298163) Homepage

    It's not malware. It's just a webpage.

    Gullibility isn't OS-specific.

  • by SuperKendall (25149) on Tuesday July 16, 2013 @11:26AM (#44298271)

    No product is totally invulnerable. But it's a simple fact that an OSX user can go a long, long time before ever seeing a virus or malware.

    That said - this is not an example of the OS being vulnerable, the whole "malware" is Javascript that takes over Safari a bit, basically a hacked website. I'm not even sure if it works if you have popup blocking on. The computer is never compromised.

  • Not malware (Score:2, Informative)

    by Qzukk (229616) on Tuesday July 16, 2013 @11:28AM (#44298319) Journal

    It's just a site that uses JavaScript to try and keep you from leaving, which is hard to get out of on Safari because if you force-quit Safari, Safari "recovers" the page when you open it again.

  • Re:Not malware (Score:5, Informative)

    by 93 Escort Wagon (326346) on Tuesday July 16, 2013 @11:49AM (#44298641)

    Hold down "Shift" when you re-launch Safari - that'll solve that problem.

  • by sootman (158191) on Tuesday July 16, 2013 @11:50AM (#44298651) Homepage Journal

    It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

    And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

    The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

  • by Vidar Leathershod (41663) on Tuesday July 16, 2013 @12:01PM (#44298833)

    Well, I certainly don't. As far as I am concerned, it is the same attitude you hear when people say "But we have to do something!!!". It doesn't work. Don't bother. Use a more secure browser. Use an ad-blocker. Have a decent firewall installed. These will help. Perhaps you can enlighten us on which Antivirus program you use on the networks you manage. Then tell us which infections it stopped. I have customers who own solutions from Symantec, VIPRE, Kaspersky, McAfee, AVG, Avira, and Trend (among others I won't take the time to recall). Invariably, those who insist on using IE get infected the most. I have encountered some who get compromised or scammed while using Firefox or Chrome (99% of the time with no ad blocker installed). Not only do the AV packages not stop the infection, but looking in their "quarantine" I never find anything more than tracking cookies. The first rootkit, virus, or whatever that the package encountered was not only not stopped, but crippled the AV.

    Often, the AV package is still intact enough to interfere with the proper progress of a legitimate mitigation tool like ComboFix, though.

    The customers I have who never get infected? Yeah, they're using Macintoshes, running OS versions between 10.5 and 10.8. Occasionally I see a Mac user who has been tricked into installing MacKeeper (bogus maintenance software) when they don't have an ad-blocker installed. Simple to remove without extra software.

  • Re:Ok? (Score:5, Informative)

    by Rosyna (80334) on Tuesday July 16, 2013 @12:33PM (#44299315) Homepage

    There's no payload and no exploit involved. It's just a webpage that opens another webpage when you try to close it.

  • Re:Ok? (Score:3, Informative)

    by tlhIngan (30335) <slashdot@wor[ ]et ['f.n' in gap]> on Tuesday July 16, 2013 @02:03PM (#44300805)

    Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.

    It was demonstrated on Safari, but apparently it works on Chrome as well. And I'd say it'll probably work on Firefox too.

    It's especially annoying since the browser helpfully restores your last session when they crash, so this site and its 150 popups make it persistent indeed.

  • Re:Ok? (Score:4, Informative)

    by Gr8Apes (679165) on Tuesday July 16, 2013 @02:33PM (#44301179)
    and easy enough to kill by disabling JS
