OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn

Posted by timothy
from the receipt-is-useless dept.
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."

  • Ok? (Score:5, Insightful)

    by i kan reed (749298) on Tuesday July 16, 2013 @11:14AM (#44298047) Homepage Journal

    I thought we were past the "being surprised that apple products get malware" stage years ago. This seems like a pretty run-of-the-mill scam. I can't really see what's notable about it. Someone help?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Apple never have bugs, everything is perfect. Move along now, citizen.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You know the "x on the internet" effect in which it is somehow more novel than x by itself?
      Well "x on a mac" effect is even worse.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        Don't let the patent office hear that.

    • Re:Ok? (Score:5, Informative)

      by SSpade (549608) on Tuesday July 16, 2013 @11:21AM (#44298163) Homepage

      It's not malware. It's just a webpage.

      Gullibility isn't OS-specific.

      • Safari isn't OS-specific either, but the primary Safari market is OS X users. So if it's exploiting Safari, then it's probably aimed at Mac users.

      • by jbolden (176878)

        Exactly my first thought. This isn't malware; there is nothing particularly OS X about it.

    • FTFY (Score:4, Insightful)

      by SuperKendall (25149) on Tuesday July 16, 2013 @11:28AM (#44298315)

      I thought we were past the "being surprised that websites get hacked" years ago.

      This is not malware, it's a hacked site with annoying javascript. The only news here is how desperate some people are to show that OSX is vulnerable to malware - even when the malware never is installed on the system...

      • by meerling (1487879)
        It's software that is intended for a malicious purpose contrary to the wants and needs of the user.
        It is malware, it's just not running from a platform usually used for such things.
        I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.
        (And yes, those ms word worms are viruses because they are infecting an executable code, even if it's something most people don't realize is executable code. And executable code does not mean .exe files, though those are one
        • I guess you think that the various ms word worms aren't malware because they are scripts that run on ms word.

          No, they are all located on your system. And they have wide access to your system.

          Javascript going a bit wild is not malware, any more than any advertisement or popup is. It's just a hacked site.

        • Re:FTFY (Score:4, Insightful)

          by jimicus (737525) on Tuesday July 16, 2013 @12:34PM (#44299319)

          It is malware, it's just not running from a platform usually used for such things.

          True, but the important point is the platform in question is not OS X and it is somewhat disingenuous to pretend it is. The platform is "any web browser that automatically reloads the last visited site if you force it to quit".

    • A few weeks ago, the computer in my lab that is connected to two somewhat expensive bits of equipment came down with this. That was more surprising to me. It's connected to the gel imager and is in a common area. People put agarose gels in the imager and then forget to take off their gloves to use the computer. The keyboard is probably covered in ethidium bromide. [wikipedia.org] Why someone would be watching porn on it is beyond me.

      I guess on the bright side, semen being on the keyboard isn't a huge concern compar
      • Re: (Score:3, Insightful)

        ...well, there's a pretty simple way to check whether or not your fears are founded. Just shine a UV lamp on the keyboard and examine the shapes of the stains. This is like the forensic chemistry equivalent of a textbook physics problem set in a textbook factory.
        • I could, but I'm just going to continue wearing nitrile gloves and assume there's semen and ethidium bromide all over it and everything else in the lab.
  • Malware (Score:5, Informative)

    by AlreadyStarted (523251) on Tuesday July 16, 2013 @11:18AM (#44298115)
    Is this really malware? It's just a webpage with annoying javascript...
    • by sjames (1099)

      In a minor sense, since the javascript is software.

      really there should be a good way to kill the page without resetting everything in the browser.

      • Looks like holding shift while starting safari solves the problem. No browser reset required. Holding shift tells safari not to open previously open tabs/windows.
      • You could enable the "Develop" menu in preferences and then select "Disable JavaScript" on the problematic page without having to reset anything (you could also open the JavaScript console and stop it). This really has nothing to do with OS X and isn't even browser-specific. There's, of course, a browser-specific answer to it (it only takes a few minutes to create a Safari plug-in to block it).

    • But MACS!!! ARE!!! NOT!!! IMMUNE!!! TO!!! BAD!!! THINGS!!! is way catchier.

      Filter: I know it's yelling, I am trying to make a point here.

    • The definition in the article is "ransomware is malware which restricts access to the computer it infects, spamming the user with prompts that demand a ransom paid for functionality to be reinstated"

      I'd say it qualifies. It restricts access to the computer. Malware usually follows the KISS principle better than most other software, which is one of the reasons why it can become so widespread even though a commercial software package can be a pain in the ass to get it to work. If your software absolutely, pos

  • Clever use of a bug in Safari, who would have thought of that.. I'd say the US should be able to knock out this site in a few minutes, by using the provisions in the SOPA act. Right?

  • by kylus (149953) on Tuesday July 16, 2013 @11:22AM (#44298191) Homepage
    ...a good security measure for the guy suing Apple for not filtering the porn he was addicted to [slashdot.org].
  • by hairyfeet (841228) <.bassbeast1968. .at. .gmail.com.> on Tuesday July 16, 2013 @11:23AM (#44298205) Journal

    I've been seeing variations on this one for a year or two now, sometimes connected with the "Yahoo Porn Bug" I wrote about in my journal, sometimes not. The main thing when it comes to a lot of this crap is to explain and assure the public it's bullshit, you'd be amazed how many can be put into panic mode by a letter that looks like it comes from authority and of course guys getting child porn charges for Simpsons cartoons and manga really doesn't fucking help matters in that regard.

    Now I don't know how it is on OSX but on Windows these kinds of bugs aren't that hard to kill; a good tool for the job I've been trying out in the shop is the Emsisoft Emergency Kit [emsisoft.com] which is free for personal use but so far looks to be worth the cost of a license if you work in a shop. The whole thing runs on a stick and so far it seems to be pretty damned good at detecting all kinds of bugs and its CLI scanner so far has been pretty good at getting around the run blocks some of the malware uses.

    • by fermion (181285)
      Not really a bug, but rather an implementation. Unfortunately Safari, like IE, allows websites to change the display of a browser window (for instance, no longer display the URL) and to display modal windows that effectively hijack the browser. While there are a few legitimate reasons to allow this, for the most part they are used to keep people on a page against their will.

      A lot of this comes from the effort of MS to turn the web browser into an application front end, and many of the legitimate uses are

  • Law enforcement is never that straightforward and efficient.

  • Not malware (Score:2, Informative)

    by Qzukk (229616)

    It's just a site that uses javascript to try and keep you from leaving, which is hard to get out of on safari because if you forcequit safari, safari "recovers" the page when you open it again.

  • The cynic in me wonders how long before this stops being malware and starts being efficient delivery of government policy.

  • by sootman (158191) on Tuesday July 16, 2013 @11:50AM (#44298651) Homepage Journal

    It takes advantage of Safari's "restore last window" feature, which is optional (though on by default in some versions) and also available in Firefox and Chrome (and possibly also on by default in some versions.)

    And the OS X version is limited to a browser, as opposed to the Windows versions (which I've seen) which lock you out of the whole OS and can be VERY hard to get around.

    The author's suggestion is to reset Safari (as in, clear cache, remove cookies, etc.) but wouldn't you also just be able to turn off the "restore session" option and then force-quit and relaunch? Also, you could relaunch, and press 'escape' or 'command-period' repeatedly to keep the page from loading.

  • Disable JavaScript[1], close page, there's no step 3.

    [1] Preferences -> Security Tab -> uncheck 'Enable JavaScript'

  • Even if the user knows it is a fake warning, and even if the user knows it is the site that has been hacked, if Safari will not let the user close the page and move on, it is broken. It should be fixed. Does Safari always restore the old sessions without allowing the user a chance to start fresh sessions? If not it is broken.
  • Calling this malware is a pretty desperate stretch.

  • Dudes, in Germany and Austria and Switzerland, these scams have been around for years. They usually tell you that your computer has been locked by the police, and that you need to pay a fine in order to get it unblocked. Nothing new here. News at eleven.
