Not so dumb!
Hi MacFranco,
Don't worry, it was just a clever animation, not a real scan!
However, you are not naive or stupid and you didn't do anything wrong. Ignore those dunderheads.
Just thank the gods you run Mac OSX, not Windows Vista. This is not a case of spoof links, bad pop-up adverts or fake greetings cards suckering the careless but a hack on a genuine website that redirects you to a malicious page.
MalwareAlert, the "anti-virus" programme at the heart of this scam is a notorious piece of Rogue Software for the Windows OS that masquerades as anti malware but is in fact very malicious. Once installed it makes life hell and effectively blackmails you to pay for its removal.
Though the "scan" was nothing more than an animated webpage, you are lucky to be using a Mac. Even without user intervention, Malware Alert and its associated pages are reportedly able to install spyware on vulnerable PCs.
OK, you are a bit premature blaming Intel processors but, really, I don't get what all this sniping and criticism is about. You just visited a legitimate site and landed on a scam site - and you panicked. Its a pretty convincing page and looks quite heartstopping for second or two if you aren't expecting it. It could have been any legit site.
FYI, Mac Franco, malware generally attacks the OS not the processor so Mac OS is still immune to 99.99% of all viruses, trojans and spyware. Nonetheless this is no reason for us to become lazy. In a year or two all that will change. Mac OS is more secure but not immune and with increasing switchers since the introduction of Intel chips, we are attracting more attention from hackers and virus writers.
I recently experienced exactly the same thing as you did when I collected an eCard from 123Greetings.com though they are not a dodgy site as such. Basically they have been hacked some time over Christmas. Probably the .htaccess files were changed to redirect you to malicious sites.
123Greetings.com are supposed to be a decent and well established company. However when I contacted them about this they ignored all evidence that they had been hacked and insisted they do not install malware on users computers. They just suggested I use Spyboy Search and Destroy if I was worried about my computer - ignoring the fact that I use a Mac. It was a standard reply (crafted to sound friendly and personal) that I have seen reproduced elsewhere on the web when researching this hack.
So what happens is this:
1. A friend sends you a genuine card from 123greetings.com and you receive a notification email
2. You click the link and Safari starts to open the card
3. Before the card loads you are forwarded to performance-optimizer.com/landing...etc or similar
4. A Safari Alert message appears (see photo) and Safari becomes unresponsive until you click OK or CANCEL - where OK is the default.
5. Naturally you click CANCEL and the alert goes away but the page immediately forwards to the second malicious site which appears to be scanning your computer for viruses and you momentarily take fright until you realise it is finding Windows viruses, so obviously fake.
6. You check the page elements and realise it is just an animation
7. You click the back button until you reach your greeting card which now displays as normal
8. You remind yourself what a clever chap you are to be using Mac OS
Of course, if you clicked OK you would be downloading Malware Alert and other malicious software and if you were running Windows, you could be f**ked.
Mac Franco, check your cookies and you will probably find some from
stats.sellmosoft.net (name: Performance-Optmizer)
Malware [something]
and 67.18.150.90 - an address linked with many spamming and forged .htaccess code scams.
These cookies seem to ensure you only experience the problem once, which is a clever bit of social engineering as most people won't bother to complain and it is harder to replicate if you are trying to pin it down.
The problem seems to have been resolved now but 123Greetings still refuse to acknowledge that anything was wrong. I find this irresponsible as their lax site security has exposed thousands of PC users to malware.
SO my position is, I refuse to send or receive cards from 123greetings.com - and shall warn all my PC using friends about them - until they come clean about the fact that they were hacked and email me an apology (or thanks for pointing it out or whatever - some hope!) and warn all their recent users that they may have inadvertently allowed them to become infected. So that will be never then...
Happy New Year
RM
