Alert!!! Be careful when using google images and other sites


37 replies to this topic

#1 computerxpds

Posted 02 May 2011 - 02:31 PM

First, I want to make this clear: THIS ISN'T CONFINED TO GOOGLE IMAGES ONLY; IT WAS JUST DISCOVERED THIS WAY.

Just thought I would post this to show Mac users that they are not as protected as they really think they are.

This can be avoided with good browsing practices! Also by not using Safari, for one thing!

http://technolog.msnbc.msn.com/_news/2011/05/02/6570126-malware-attack-specifically-targets-mac-users

Edited by computerxpds, 02 May 2011 - 02:32 PM.

If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.

 


#2 cryptodan

Posted 02 May 2011 - 02:36 PM

It's just a matter of time before malware writers start writing malware targeting both platforms.

#3 computerxpds

Posted 02 May 2011 - 02:38 PM

Yeah, that's when I will start using Linux as my primary OS! lol

#4 buddy215

Posted 03 May 2011 - 04:02 PM

More is coming. Read the article in link below. According to it, Linux OSes and other browsers may soon be facing the same.
Apple Macs Targeted By Crimeware Toolkit :: Brought to you by TechWeb
May 03, 2011 (10:05 AM EDT) ... Malware aimed at Macs has unexpectedly spiked in the early days of May. For starters, security experts are warning that the first-ever automated do-it-yourself crimeware kit that targets Apple OS X computers is now for sale on underground forums. ...

... Based on videos obtained by CSIS, Kruse said that the toolkit appears to be fully operational. "In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel, and supports encryption," he said. "The Weyland-Yutani BOT supports Web injects and form grabbing in Firefox; however both Chrome and Safari will soon follow. The webinjects templates are identical to the ones used in Zeus and [SpyEye]." ...

... Interestingly, on Tuesday, security software vendor Intego issued another Apple-related security warning, in this case for "MACDefender," which is new fake antivirus software that targets Apple users. Also known as fake AV or scareware, such software pretends to be legitimate antivirus software, but in fact is fake software designed to con users into paying for it. Like much scareware, MACDefender spreads via poisoned search engine results, including searches relating to the death of Osama bin Laden. According to a post to the SANS Internet Storm Center from Rob VandenBrink, a senior consulting engineer at Canadian consulting company Metafore, some users are reporting that the software demands $99 upon installation, payable immediately via PayPal.

The scareware file arrives as a compressed zip file containing a JavaScript executable. VandenBrink warned that "if you have 'Open Safe files after downloading' enabled in Safari, downloading this file will auto-install this code."

According to Intego's security advisory, the risk posed by MACDefender is relatively low, and while the scareware is circulating in the wild, it's doing so in relatively small quantities.

That said, the software does a good job of disguising itself as the real deal. Furthermore, the malware can also make a major nuisance of itself. "MACDefender also opens Web pages for pornographic websites in the user's Web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MACDefender will relieve them of the problem," said Intego.

While the software is relatively harmless, it's interesting because to date no scareware creators have bothered to target Apple OS X computers. "In the past, these types of sites--very common vectors of Windows malware--only delivered Windows .exe applications," said Intego. "The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application." ...




“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 caperdog

Posted 03 May 2011 - 06:53 PM

Thanks for the info, Whiz kid, and hello again.

#6 MaryBet82

Posted 05 May 2011 - 04:33 PM

I figured malcreeps would eventually target macs if the effort/payoff ratio ever got small enough. An automated crimekit may significantly decrease the effort - except it's selling for $1,000. I've been wondering if macs would begin to be targeted by financial-gain type baddies because macs are $expensive$ and theoretically are bought by richer people. [Wrong theory in my case]. I don't know whether social engineering scams, which I guess are not platform specific, are used more than stealing personal info via rootkits/trojans by the $-motivated malcreeps.

I looked into anti-malware mac options months ago, then didn't do anything. Guess I'll have to look again and be prepared to do something if those crimekits get bought and used a lot.

How easy is it to scan for rootkits in a mac? As far as I could tell there were 2 kinds of rootkits in pc's. Those w/ a known signature, I think because they were downloaded from the net, that antivirus programs could id. Then there were rootkits written by technobaddies that could only be id'd by an expert - I never could determine what the probability was of a home computer having one of those. None of the articles said if the rootkits on that botnet that was busted could have been id'd if the home computer users had run the right av or if they were the type that required an expert to id. If no randomized checks by experts are being done on home computers and if no one is compiling stats on people whose bank account numbers, pw's, etc are stolen from their computer maybe no one actually knows.
mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening

#7 buddy215

Posted 05 May 2011 - 10:05 PM

There must be millions of Google images infected. The reason I say that is because this week I clicked on two of them.
Probably 2 out of 20 or so that I clicked on.
I use Firefox with NoScript addon. NoScript stopped the page from opening that the malware was on.

Mac users can avoid the malware mentioned in the first post by changing one setting in their Safari browser.

You can avoid this happening by just a few clicks to change your settings if you haven't done this already.
Many have. Some haven't. Don't be a victim. Do this:
To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open "safe" files after downloading"

Edited by buddy215, 05 May 2011 - 10:06 PM.
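The Safari checkbox described in the post above can also be audited from collected preference files instead of by clicking through each Mac. This is an added example, not part of any post in this thread; it assumes the checkbox is stored under Safari's `AutoOpenSafeDownloads` preference key and that a missing key means Safari's default (on), neither of which is stated in the thread, and the host names and plists are constructed samples.

```python
import plistlib

# Safari preference key behind "Open 'safe' files after downloading"
# (key name is not given in the thread; treat it as an assumption).
KEY = "AutoOpenSafeDownloads"


def auto_open_state(raw_plist: bytes) -> str:
    """Classify one Safari preferences plist (XML or binary format)."""
    try:
        prefs = plistlib.loads(raw_plist)
    except Exception:
        # Truncated, corrupt or non-plist data: cannot be judged.
        return "unreadable"
    if not isinstance(prefs, dict):
        return "unreadable"
    if KEY not in prefs:
        # Assumption: the checkbox was never touched, so the default (on) applies.
        return "enabled-by-default"
    value = prefs[KEY]
    if isinstance(value, int):  # bool is a subclass of int, so True/1 and False/0 both land here
        return "enabled" if value else "disabled"
    return "unreadable"


def hosts_to_review(collected: dict) -> list:
    """Return hosts where auto-open is not provably switched off."""
    return sorted(h for h, raw in collected.items()
                  if auto_open_state(raw) != "disabled")


# Constructed sample data: one preferences plist per (hypothetical) host.
SAMPLES = {
    "mac-01": plistlib.dumps({KEY: True, "HomePage": "about:blank"}),
    "mac-02": plistlib.dumps({KEY: False}, fmt=plistlib.FMT_BINARY),
    "mac-03": plistlib.dumps({"HomePage": "about:blank"}),  # key never set
    "mac-04": b"not a plist",                               # damaged file
}

if __name__ == "__main__":
    for host, raw in sorted(SAMPLES.items()):
        print(f"{host}: {auto_open_state(raw)}")
    print("uncheck the setting on:", ", ".join(hosts_to_review(SAMPLES)))
```

Hosts reported as `enabled-by-default` are the ones a manual check tends to miss, because nobody ever opened the preferences pane on them.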


#8 AmericanGirl

Posted 05 May 2011 - 10:09 PM

What if you're using IE?

#9 TechlessOS_3211

Posted 05 May 2011 - 10:53 PM

You can avoid this happening by just a few clicks to change your settings if you haven't done this already.
Many have. Some haven't. Don't be a victim. Do this:
To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open "safe" files after downloading"

Ran into this today (My AV blocked it).
Still, though, I don't see an option like that in the Windows version of Safari...I wonder if that's just how Apple wrote Safari for PC? (It has a checkbox for "prompt before download" instead.)

Hopefully Mac malware will not become a problem. It'd really be a shame if I can't skirt malware by the time I get my Macbook. Does anyone know how effective this is in Chrome...? Since Chrome is supposedly sandboxed and all.

Thanks for the information, it's good to know.

Edited by TechlessOS_3211, 05 May 2011 - 10:53 PM.


#10 keyboardNinja

Posted 07 May 2011 - 07:04 AM

What a Mac malware attack looks like :blink:
PICNIC - Problem In Chair, Not In Computer


20 Things I Learned About Browsers and the Web

#11 cryptodan

Posted 07 May 2011 - 02:14 PM

Oh, my wife got hit by that same fake AV, but on Windows it's called Windows Security. She had upwards of 16 windows pop up, and she had to Ctrl+Alt+Del to end Firefox.

#12 MarkGS

Posted 08 May 2011 - 08:26 AM

It was only a matter of time before it happened. Hopefully Apple will be proactive on trying to give a security update.

#13 booterbotter

Posted 09 May 2011 - 11:00 PM

My virtual Mac OS got attacked too.
It seems it's not just through Google Images that you can get infected but also if you do a Google search. Good thing there's a way to get rid of it.

Patience is a true virtue. Never give up, never surrender.


#14 computerxpds

Posted 10 May 2011 - 08:56 PM

I haven't had an issue yet, which is odd because I usually get hit because I want to get hit lol.

#15 computerxpds

Posted 10 May 2011 - 09:04 PM

http://www.bleepingcomputer.com/forums/topic396473.html link to the new article on this site about the issue and links to removal guides.



