Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

OSX Users hit with ransomware websites posing as FBI Notices
Macrumors ^ | 7/16/2013

Posted on 07/16/2013 10:53:47 PM PDT by Swordmaker

Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.

The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.

Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300.”

Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally can not simply close and reopen Safari in order to escape the ransomware.

The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; mac; macmalware; malware; osx; ransomware
Navigation: use the links below to view more comments.
first previous 1-2021-37 last
To: Swordmaker

I thought macs didn’t get viruses. I guess that’s a myth.


21 posted on 07/17/2013 12:21:00 AM PDT by JCBreckenridge ("we are pilgrims in an unholy land")
[ Post Reply | Private Reply | To 19 | View Replies]

To: GeronL

Yes, it is... But they can’t get one into an OSX Mac.They’ve tried for fifteen years since OSX Server came out in 1998. Viruses have no viable vector, and the Trojans are being identified by the OS and the user is being warned against downloading them, so they faked their malware with this hokey WEBPAGE as a “quasi-Trojan”, using the JAVA scripting built into HTML coding, hoping to fool users into paying them to do something totally unnecessary. The user can either click the “Leave this Page” requester 150 times to dismiss the script, or much more easier, just quit the Safari browser and relaunch Safari holding down the Shift key to prevent reloading the tabs and pages he’d been visiting before. Voilá! Problem solved. No big deal.


22 posted on 07/17/2013 12:34:43 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Swordmaker

also no problem on my Linux


23 posted on 07/17/2013 12:49:12 AM PDT by GeronL
[ Post Reply | Private Reply | To 22 | View Replies]

To: JCBreckenridge
I thought macs didn’t get viruses. I guess that’s a myth.

And this IS NOT A VIRUS. it's not even truly Malware—it's not installed on the computer, downloaded to it, or even running on it—it's a maliciously designed website that uses a particularly long recurring requestor loop in a JAVA script to give the illusion that your browser has been locked. In a way, you might call it a Quasi-Trojan, but it fails to meet even the loose definition of a Trojan horse app. It's more of a snare, a trap, or perhaps a puzzle page.

Like all computers on which applications can be downloaded and installed, Macs ARE vulnerable to Trojan Horse Applications that claim to offer a benefit but also carry a malevolent payload. These use "Social Engineering" means to persuade the user to install the malware themselves. There are currently about forty known Trojans for Mac OSX in about seven families. Apple Mac OSX has a built-in system to identify these known trojans and any variants based on them. OSX warns the user if he attempts to download, install, or run one of these known or variant Trojans. Apple pushes updates as necessary. These Trojans are not considered "viruses" by definition.

A computer virus is malware that is self-replicating, self-transmitting, and self-installing. There have been about fifteen or sixteen attempts at creating a true OSX virus in the past twelve years. . . all have been abject failures for a simple reason: the lack of a viable vector in OSX that could be exploited to promulgate the infection, and the lack of a reliable method of guaranteed installation. One candidate used Blutooth as a vector to transmit his virus. However, it took two Macworld techs, and two Semantic security engineers SIX HOURS just to get it to copy itself from one Mac to another. . . And then, it wouldn't run because it hadn't installedh! Another was successful in copying itself to another Mac via WIFI as data, but was stymied because the data stacks on Macs are hardware non-executable memory locations and code cannot be executed in data stacks. FAIL!

So, Macs are pretty secure when it comes to malware, compared to the competition. . . And it's not because of obscurity. It's by design.

24 posted on 07/17/2013 1:06:53 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

“So, Macs are pretty secure when it comes to malware”

Apparently not secure enough.


25 posted on 07/17/2013 2:15:12 AM PDT by JCBreckenridge ("we are pilgrims in an unholy land")
[ Post Reply | Private Reply | To 24 | View Replies]

To: JCBreckenridge

(Sigh)

This is not a virus or a trojan. It does not install any software on your computer. It does not access any information on your computer. It’s a javascript that launches 150 windows. That’s all. It’s more social engineering than malware.


26 posted on 07/17/2013 3:50:44 AM PDT by ReignOfError
[ Post Reply | Private Reply | To 25 | View Replies]

To: JCBreckenridge
Apparently not secure enough.

Are you seriously comparing a web page with 150 popup windows to a Windows virus that causes permanent corruption to system files? I knew once I saw people talking about "restore" that we were dealing with dumb Windows users. This ransonware may prove there are dumb Mac users, but their dumbness doesn't result in system file alteration. It would be interesting to see the hit rate for such malware on Mac vs PC.

27 posted on 07/17/2013 4:00:00 AM PDT by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker; NonValueAdded
Unpossible - everyone knows this cannot happen to a Mac.
It's not a virus or even a Trojan, just a nuisance WEBSITE script that won't go away until you respond to it 150 times. . . It would work on a Windows 8 machine too. But since they don't restore previous sessions automatically... They don't revert.
A friend was just asking me about “malware,” which term she didn’t understand. As compared to a virus. I told her that malware was whatever anyone induces your computer to do that you don’t want it to do. So if you look at it that way, simply clicking on a link - it even happen to me on FR once - which had been contaminated with a porno picture would qualify as "induces your computer to do that you don’t want it to do."
On a related topic, I should probably to to the Apple Store and get the “genius” (their term for “tech” which is crafted to be polite to the customer by suggesting that you don’t have to be stupid to have difficulty with a computer) to explain to me some of the fool things I have been doing lately to cause my Mac to sometimes get the “slows.”

Probably just too many tabs open in Safari, or sumpn.


28 posted on 07/17/2013 4:55:33 AM PDT by conservatism_IS_compassion (“Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: conservatism_IS_compassion
On a related topic, I should probably to to the Apple Store and get the “genius” (their term for “tech” which is crafted to be polite to the customer by suggesting that you don’t have to be stupid to have difficulty with a computer) to explain to me some of the fool things I have been doing lately to cause my Mac to sometimes get the “slows.”/i>

Probably just too many tabs open in Safari, or sumpn.


Check out "Memory Clean" from the App Store. If you have multiple tabs open (I keep a bunch of related topics open in tabs on multiple pages) for a couple of days, you will have a great deal of RAM space inactive and fragmented. It is a small menu app that just does what it does by freeing up that memory. Install it and click. It may take about a minute to free up the memory and your browser speed will improve.

Another option is to set your preferences to reopen your last browser session. Quit Safari and restart. Finally, it sometimes helps just to do a restart your computer with your preferences set to reopen your previous Apps and pages.

Hope that helps.

I prefer Memory Clean over Free Memory.
29 posted on 07/17/2013 5:18:07 AM PDT by PA Engineer (Liberate America from the Occupation Media.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: JCBreckenridge

I run OSX, which is basically unix. You cannot damage the unix OS without the root password. That is why unix systems are not very susceptible to viruses. Now Safari OTH, an application running on OSX can be hacked. But that has nothing to do with the underlying OSX.


30 posted on 07/17/2013 5:33:45 AM PDT by central_va (I won't be reconstructed and I do not give a damn.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: JCBreckenridge
Apparently not secure enough.

Show me anything that is "secure enough."

31 posted on 07/17/2013 1:53:11 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: conservatism_IS_compassion

How many icons do you have on your desktop? That is one thing that will slow down an OSX Mac. Too many and it can slow things significantly. Keep them to just Aliases of folders elsewhere on your hard drive and the problem will go away.

Also, leave your Mac on overnight. The Mac’s UNIX system does housekeeping tasks such as that memory recovery that PAengineer mentioned and defragging and optimizing of the hard drives when the system has been idle for a period. . . but if you turn it off instead of just letting it go to sleep, these never get done. Leave it turned on.


32 posted on 07/17/2013 1:59:51 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 28 | View Replies]

To: JCBreckenridge
Apparently not secure enough.

By-the-way, you are STILL misunderstanding this. This is not at all about security. Nothing was breeched with this illusion. Nobody's computer was violated. Nothing was stolen. People MAY have been tricked into GIVING these people $300, freely, because they believed they had to, to get their computers back into working condition, but that was ALL ILLUSION, a trick.

The web browser was just forced into opening 150 sub-windows on the screen, one on top of the other, each demanding to be closed, before the main screen could be closed, or before the user could move to another tab or window. JAVA has that ability built into it to make sure that transactions are fully completed and not left hanging or secure data is not left where it can be mined. These miscreants have merely used it for no good. Combine that with Apple's reloading of previous browser sessions on opening of the browser, and you have a nightmare to get out of it.

There is a simple way, if the user knows it. Most do not, so I posted that solution on FreeRepublic.

33 posted on 07/17/2013 2:08:42 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker

Thanks


34 posted on 07/17/2013 5:21:43 PM PDT by conservatism_IS_compassion (“Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Swordmaker

Anyone who isn’t running NoScript and only selectively enabling JS as needed is a fool, these days...more proof here.


35 posted on 07/17/2013 7:24:36 PM PDT by Fire_on_High (RIP City of Heroes and Paragon Studios, victim of the Obamaconomy.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: TheErnFormerlyKnownAsBig

Your daughter’s laptop wasn’t a Mac, was it? Best Buy folks are incredibly ignorant of computer repair - and Macs - LOL...

But to get back to the original post - this isn’t really malware. It is simply a web page opening a bunch of windows via javascript (a big vector for all sorts of computer issues these days). But no computer “catches” this.

Now - there are trojans that show similar behavior - maybe that is what your daughter’s laptop was infected with (assuming again it is not a Mac - which there still isn’t a major threat for).


36 posted on 07/18/2013 9:43:54 PM PDT by TheBattman (Isn't the lesser evil... still evil?)
[ Post Reply | Private Reply | To 3 | View Replies]

To: GeronL

hitmanpro worked for me when nothing else would

had to use a thumbdrive from another computer and start in boot mode


37 posted on 09/01/2013 3:51:18 PM PDT by TurboZamboni (Marx smelled bad & lived with his parents most his life.)
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-37 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson