MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Mar 5, 2011, 04:09 PM   #1
karsten
macrumors 6502a
 
Join Date: Sep 2010
malware in safari?

EDIT- I figured out where the malware was coming from- it's coming from a Safari extension called "Magic Scroll". it's written by the "Slice Factory," it's supposed to make your scrolling better, which it does, but apparently it's written by some malware company that distributes a bunch of stuff. i tracked down their website and sure enough they produce both this scrolling and the price finding add-on. they don't tell you running the mouse add-on will enable the other one however. i got this straight from apple's site i'm going to report it to them hopefully others don't have this same problem. at least you know how to get rid of it now.


ok i feel dumb, on amazon i'm getting this popup in the bottom right of the screen about finding the best deal, the popup says it's the "Best price add-on" but i never installed that. i don't see it in safari's extensions, i assume some program installed it so how do i get rid of it? thanks

Last edited by karsten; Mar 5, 2011 at 04:46 PM.
Mar 7, 2011, 12:13 PM   #2
Gorilla'sMom
macrumors newbie
 
Join Date: Mar 2011
Where does "Magic Scroll" hide its malware?

I had the same problem with this "BestPrice" add-on - but I can't find any extension installed called "Magic Scroll" or anything by Slice Factory. I would like to get rid of this, but I'd also like to know where it came from in the first place!


Quote:
Originally Posted by karsten View Post
EDIT- I figured out where the malware was coming from- it's coming from a Safari extension called "Magic Scroll". it's written by the "Slice Factory," it's supposed to make your scrolling better, which it does, but apparently it's written by some malware company that distributes a bunch of stuff. i tracked down their website and sure enough they produce both this scrolling and the price finding add-on. they don't tell you running the mouse add-on will enable the other one however. i got this straight from apple's site i'm going to report it to them hopefully others don't have this same problem. at least you know how to get rid of it now.


ok i feel dumb, on amazon i'm getting this popup in the bottom right of the screen about finding the best deal, the popup says it's the "Best price add-on" but i never installed that. i don't see it in safari's extensions, i assume some program installed it so how do i get rid of it? thanks
Mar 7, 2011, 12:19 PM   #3
karsten
Thread Starter
macrumors 6502a
 
Join Date: Sep 2010
Quote:
Originally Posted by Gorilla'sMom View Post
I had the same problem with this "BestPrice" add-on - but I can't find any extension installed called "Magic Scroll" or anything by Slice Factory. I would like to get rid of this, but I'd also like to know where it came from in the first place!
About the only thing you can do is disable the extensions one by one til you figure out which one it is. You have to restart safari each time too.
Mar 7, 2011, 12:24 PM   #4
Gorilla'sMom
macrumors newbie
 
Join Date: Mar 2011
Thanks, I'll try that - weird thing is I haven't added any new extensions for ages and this thing just popped up today.

Quote:
Originally Posted by karsten View Post
About the only thing you can do is disable the extensions one by one til you figure out which one it is. You have to restart safari each time too.
Mar 7, 2011, 12:42 PM   #5
Gorilla'sMom
macrumors newbie
 
Join Date: Mar 2011
Found the "BestPrice" addon

I found which extension was causing the problem - PrintPlus 1.0 - and guess what? It's also by Slice Factory. I'm also going to lodge a complaint with Apple. Looks like they're adding malware to a lot of their programs....

Quote:
Originally Posted by Gorilla'sMom View Post
Thanks, I'll try that - weird thing is I haven't added any new extensions for ages and this thing just popped up today.
Mar 7, 2011, 12:52 PM   #6
Big-TDI-Guy
macrumors 68030
 
Join Date: Jan 2007
Huge coincidence here - my Safari today has been acting REALLY weird - so much so I just reset it, and I'm not using it currently.

Started on MR - I got a finder popup from my firewall saying Application "Safari" is attempting to access the internet - clicking "no" may change its performance. (or something to that extent)

I quit Safari and it was still there (hence I don't think it was a random popup window)

I hit cancel, and went about my business. Relaunched Safari and went to Amazon - after my SSL purchase on Amazon - it stated an invalid certificate (from Amazon, WTF?) and it had some jazz about somethingsomethingMedia.com as the site not having proper credentials. (should have captured a screenshot of this) Given that I had not navigated to this site - nor had this happen with Amazon.com in years - I quit.

Reset Safari entirely - have not touched it since. Went to another device, using another browser, and changed my Amazon.com password.

Likelihood of this being related? Not big - but figured I'd share my odd occurrence...
Mar 21, 2011, 10:59 PM   #7
kgtenacious
macrumors member
 
Join Date: Jun 2010
I had this same problem with Slice Factory's "Print Plus" - if you look in (in my case) ~/Library/Safari/LocalStorage/safari-extension_com.slicefactory.printplus-wk8yrear33_0.localstorage you can figure out that the code for the malware is in there.
Mar 21, 2011, 11:03 PM   #8
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Just a suggestion: you may want to change the title of this thread to include the name of the offending extension, so if someone is searching for feedback on it, they'll find this thread.
Mar 22, 2011, 12:43 AM   #9
munkery
macrumors 68020
 
Join Date: Dec 2006
Tested the following slice factory extensions: 1) Print Plus 2) Dictionary 3) Magic Scroll. All were installed from the Safari Extension Gallery.

I was not able to reproduce the adware behaviour stated by others.

I had ad blocking and plugin blocking disabled during the test. Accept cookies was set to always, all web content settings were enabled, and pop-up windows were allowed.

I also navigated to the Slice Factory website with the extensions installed to see if a cookie set by that webpage initiated the behaviour. I did not install the extensions from the Slice Factory website so that may be a factor in not reproducing the pop-up.
__________________
Mac Security Suggestions

Last edited by munkery; Mar 22, 2011 at 12:51 AM.
Mar 22, 2011, 01:04 AM   #10
nec207
macrumors 6502
 
Join Date: Mar 2011
Let me say this again as more people before get bad at windows 7 and windows vista and move to Mac computers and Linux and run as root the computer will get malware.

All mac computers OSx and most Linux the root account is locked you are admin user that can run sudo command or SU to actually Switch-User to a root user when you need root privilege. You should not be running as root.

If you do so and with popularity of Mac computers and Linux than windows more malware will make its way out.

Look even apple say you need firewall and you should not be running as root user. No need for anti-virus to date only 3 virus out there for Mac in past 5 years and like none for Linux.

None of my friends that use Linux or Mac computer run as root and never got malware they download lots of free movies and free music where PC will get malware in less than week going to those sites.
Mar 22, 2011, 10:40 AM   #11
old-wiz
macrumors 604
 
Join Date: Mar 2008
Location: West Suburban Boston Ma
Quote:
Originally Posted by nec207 View Post

Look even apple say you need firewall and you should not be running as root user. No need for anti-virus to date only 3 virus out there for Mac in past 5 years and like none for Linux.
There are zero viruses in the wild for the Mac. ZERO.
Mar 22, 2011, 10:56 AM   #12
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by nec207 View Post
If you do so and with popularity of Mac computers and Linux than windows more malware will make its way out.
There's the market share myth again!
Quote:
Originally Posted by nec207 View Post
No need for anti-virus to date only 3 virus out there for Mac in past 5 years
There has never been a virus in the wild that runs on Mac OS X, which was introduced 10 years ago. The handful of trojans that exist can be easily avoided with some education and common sense and care in what software you install:
Mac Virus/Malware Info
Mar 22, 2011, 11:33 AM   #13
Consultant
macrumors G5
 
Join Date: Jun 2007
Quote:
Originally Posted by nec207 View Post
Let me say this again as more people before get bad at windows 7 and windows vista and move to Mac computers and Linux and run as root the computer will get malware.

All mac computers OSx and most Linux the root account is locked you are admin user that can run sudo command or SU to actually Switch-User to a root user when you need root privilege. You should not be running as root.

If you do so and with popularity of Mac computers and Linux than windows more malware will make its way out.

Look even apple say you need firewall and you should not be running as root user. No need for anti-virus to date only 3 virus out there for Mac in past 5 years and like none for Linux.

None of my friends that use Linux or Mac computer run as root and never got malware they download lots of free movies and free music where PC will get malware in less than week going to those sites.
WRONG. Mac OS does NOT run as root by default.
Mar 22, 2011, 11:37 AM   #14
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Consultant View Post
WRONG. Mac OS does NOT run as root by default.
I think that's what they were saying:
Quote:
Originally Posted by nec207 View Post
All mac computers OSx and most Linux the root account is locked you are admin user that can run sudo command or SU to actually Switch-User to a root user when you need root privilege. You should not be running as root.
Mar 22, 2011, 02:36 PM   #15
nec207
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by GGJstudios View Post
There's the market share myth again!

There has never been a virus in the wild that runs on Mac OS X, which was introduced 10 years ago. The handful of trojans that exist can be easily avoided with some education and common sense and care in what software you install:
Mac Virus/Malware Info
For example, it prevents hackers from harming your programs through a technique called “sandboxing” — restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch.
Read
http://www.apple.com/macosx/security/


All successful, and most plausible, malware attacks on Mac OS X have occurred in the last 2 years with the last quarter of 2007 being particularly prolific. Market penetration and overall sales of the Mac OS X system have directly mirrored development of malware, a phenomenon also demonstrated with other operating systems such as Microsoft Windows. Based on this data there is no reason to believe the trend will not continue as Apple continues to increase their market share.


http://www.macforensicslab.com/Produ...roducts_id=174


OS X 10.5 Leopard introduces new sandboxing technology to show a dialog box to the user before running any new program downloaded from the Internet. Software downloaded from the Internet, both from the mail and from browser applications, is marked as suspicious and will not be executed until the user clicks on a confirmation dialog box to explicitly allow it to run.


When reading comments on articles about Mac security, you find many people who are in denial about malware that targets the Mac. Granted, there are far fewer viruses, worms and Trojan horses affecting Macs than Windows PCs, but the risk is real, and it’s getting worse. In fact, the complacency of Mac users, who have almost been led to believe that their platform is germ-free, may lead to more serious outbreaks should virulent malware target the Mac. Most Mac users don’t know how to react to a malware attack.

If we look at 2009, we can see that malware writers are increasingly targeting the Mac. In January, shortly after Apple announced a new version of its iWork suite of productivity software, malware writers took advantage of it. Mac users who downloaded the software via BitTorrent were also treated to the iServices Trojan horse, hidden inside the iWork installer. The iServices Trojan opened a back door on infected Macs, and it connected to remote servers to download new code. It was actively used as part of a botnet that was involved in distributed denial of service attacks and more.


Read more: http://www.computing.co.uk/ctg/opini...#ixzz1HM48HawS
Mar 22, 2011, 03:11 PM   #16
GGJstudios
macrumors Westmere
 
Join Date: May 2008
First, there's no need to bold everything. I've read all that before.
Quote:
Originally Posted by nec207 View Post
Granted, there are far fewer viruses, worms and Trojan horses affecting Macs
To be accurate, there are zero viruses and worms and only a handful of trojans. Again, no one is saying Macs are immune to malware threats; only that antivirus software isn't needed to protect against the few trojan threats that do exist. How many times must this be said before people actually read and comprehend it?

The "market share" theory suggests:
larger market share = more visibility = more malware
This is not proven by actual events. Ten years ago, when Macs represented a much smaller market share and a much smaller installed base, there were a handful of viruses that could affect Mac OS 9 and earlier. Today, Macs have a much larger market share and much larger installed base with Mac OS X (and growing at a rate of over a million Macs per month), but the number of viruses has not increased proportionately.... or at all... in fact, the number has decreased to zero. The market share theory doesn't work. Period.
Mar 22, 2011, 04:53 PM   #17
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
All successful, and most plausible, malware attacks on Mac OS X have occurred in the last 2 years with the last quarter of 2007 being particularly prolific. Market penetration and overall sales of the Mac OS X system have directly mirrored development of malware, a phenomenon also demonstrated with other operating systems such as Microsoft Windows. Based on this data there is no reason to believe the trend will not continue as Apple continues to increase their market share.


http://www.macforensicslab.com/Produ...roducts_id=174
Much of the information in the PDF associated with this article is incorrect. For example:

Page 26

It refers to the bundle architecture as insecure. The argument presented would be true if security sensitive apps were not owned by system. Given that they are owned by system, malware cannot modify the bundle of an app owned by system without authentication when the app is run with user privileges in an admin or standard account.

For example, show package contents of iTunes, Safari, or Mail and try to create a folder in the bundle. In relation to the example in the article, try renaming iTunes.

Apps not owned by system are vulnerable but without privilege escalation can not install rootkits or keyloggers. Even apps owned by system run with user privileges and require privilege escalation to install dangerous payloads.

Mac OS X does not prompt for authentication if you install apps in the proper location for that user account type. When installed in the proper location, apps are sandboxed from the system level of Mac OS X by the Unix DAC model used within Mac OS X.

Windows is less secure because most apps (Chrome only exception I can recall) install their associated files in levels of the system that require authentication regardless of user account type (unless Admin in Windows XP because running as superuser - no authentication required to install with elevated privileges - very dangerous). It is easier to trick Windows users to install a trojan with elevated privileges given that almost all apps ask for authentication to install and the user can not distinguish the intent of that authentication.

Page 30

The claim that the Application folder is unprotected is false. Security sensitive apps within the Application folder are owned by system.

Also, security sensitive system binaries are still stored in /bin and /sbin in Mac OS X.

Page 31

The ability to read the contacts stored in Address Book could be used by a worm to propagate. But, malware that uses this to spread is not likely to appear in the wild if the malware is not profitable. It is unlikely that malware will be profitable without being able to hook (this is a specific function) into apps owned by system.

Page 33

Starts off talking about trojans, trojans are easily avoided with user knowledge in Mac OS X because most apps do not require authentication to install if installed in the appropriate location where the Unix DAC model protects the system.

Viruses using the model shown in the article will not be successful without privilege escalation. This is the reason why Mac OS X malware is not successful in the wild.

By default, very few server side services are exposed in Mac OS X and those that are exposed are sandboxed. Vectors for worm propagation are limited to client side. Client side worms require authentication to install and spread if they do not include privilege escalation via exploitation because of the Unix DAC model used in Mac OS X. Trojans used to trick users to authenticate are less likely to be successful in Mac OS X as stated above.
__________________
Mac Security Suggestions

Last edited by munkery; Mar 22, 2011 at 10:17 PM.
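A way to check the ownership argument in post #17 on your own machine, added here as an example and not part of any poster's message: it reports, per app bundle, whether the owner is root and whether a given user could create files inside it or rename it without authenticating. The function names and the default `/Applications` path are assumptions of this sketch, and it evaluates classic owner/group/mode bits only (ACLs are not considered).

```python
import os
import stat
from pathlib import Path


def can_write(st, uid, gids):
    """Unix DAC write decision from owner, group and mode bits (ACLs ignored)."""
    if uid == 0:
        return True  # root bypasses the permission bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def can_rename(entry_st, parent_st, uid, gids):
    """Renaming needs write access to the parent directory; with the sticky
    bit set, only the entry's owner, the directory's owner or root may do it."""
    if not can_write(parent_st, uid, gids):
        return False
    if uid != 0 and parent_st.st_mode & stat.S_ISVTX:
        return uid in (entry_st.st_uid, parent_st.st_uid)
    return True


def audit_bundles(app_dir="/Applications", uid=None, gids=None):
    """One row per *.app bundle: owner, and what the given user may do to it."""
    uid = os.getuid() if uid is None else uid
    gids = (set(os.getgroups()) | {os.getgid()}) if gids is None else set(gids)
    root = Path(app_dir)
    rows = []
    if not root.is_dir():
        return rows
    parent_st = root.stat()
    for bundle in sorted(root.glob("*.app")):
        st = bundle.stat()
        rows.append({
            "bundle": bundle.name,
            "owner_is_root": st.st_uid == 0,
            # "create a folder in the bundle" from the post
            "user_can_modify": can_write(st, uid, gids),
            # "try renaming iTunes" from the post
            "user_can_rename": can_rename(st, parent_st, uid, gids),
        })
    return rows


if __name__ == "__main__":
    for row in audit_bundles():
        owner = "root" if row["owner_is_root"] else "non-root"
        print(f"{row['bundle']:<40} owner={owner:<8} "
              f"modify={row['user_can_modify']} rename={row['user_can_rename']}")
```

Bundles that show `modify=True` for an unprivileged account are the ones the post describes as not protected by system ownership.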
Mar 25, 2011, 07:22 AM   #18
Cognita
macrumors newbie
 
Join Date: Mar 2011
I also had this malware. I was using 4 extensions at the time: PrintPlus 1.0, CustomSearch, AdBlock, and Plugin Customs (all installed directly from Safari Extensions Gallery). AdBlock and Plugin blocking were fully enabled.

The Amazon Best Price add-on popped up within the same hour that I actually USED PrintPlus for the first time, which was about 2 weeks after I installed it. It informed me proudly that it was "embedded in my browser." I freaked out. Could the catalyst have been the actual USE of PrintPlus, as compared to just the installation of it?

I deleted it (and a bunch of other crap that came with it) from ~/Library/Safari/LocalStorage/... It hasn't come back. Ick.
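Posts #7 and #18 both locate the add-on's data under `~/Library/Safari/LocalStorage`. The following inventory script is an added example, not code from any poster: it lists extension storage files there and groups them by developer prefix, which shortens the disable-one-by-one search from post #3. The file-name layout is an assumption generalised from the single name quoted in post #7, and every sample name other than that one is constructed.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Directory named in posts #7 and #18.
DEFAULT_DIR = Path.home() / "Library" / "Safari" / "LocalStorage"

# Assumed layout, generalised from the one file name quoted in post #7:
#   safari-extension_<bundle id>-<identifier>_<n>.localstorage
NAME_RE = re.compile(
    r"^safari-extension_(?P<bundle>.+)-(?P<ident>[^-_]+)_(?P<n>\d+)\.localstorage$"
)


def parse_name(filename):
    """Return bundle id, identifier and vendor prefix, or None for other files."""
    m = NAME_RE.match(filename)
    if m is None:
        return None
    bundle = m.group("bundle")
    # Reverse-DNS bundle ids begin with the developer's domain (com.slicefactory).
    vendor = ".".join(bundle.split(".")[:2])
    return {"bundle": bundle, "ident": m.group("ident"), "vendor": vendor}


def inventory(directory=DEFAULT_DIR):
    """Group extension storage files in `directory` by vendor prefix."""
    directory = Path(directory)
    if not directory.is_dir():
        return {}
    by_vendor = defaultdict(list)
    for path in sorted(directory.iterdir()):
        info = parse_name(path.name)
        if info is None:
            continue  # ordinary website storage, not an extension
        info["path"] = path
        info["size"] = path.stat().st_size
        by_vendor[info["vendor"]].append(info)
    return dict(by_vendor)


def vendors_with_several_extensions(inv):
    """Vendors with storage for more than one extension, the pattern the
    thread found (two different extensions from one developer)."""
    result = {}
    for vendor, items in inv.items():
        bundles = sorted({item["bundle"] for item in items})
        if len(bundles) > 1:
            result[vendor] = bundles
    return result


def build_sample_dir():
    """Constructed sample directory; only the first name comes from the thread."""
    root = Path(tempfile.mkdtemp())
    names = [
        "safari-extension_com.slicefactory.printplus-wk8yrear33_0.localstorage",
        "safari-extension_com.slicefactory.secondext-wk8yrear33_0.localstorage",  # constructed
        "safari-extension_org.example.blocker-abc123xyz0_0.localstorage",  # constructed
        "http_www.example.com_0.localstorage",  # constructed website storage
    ]
    for i, name in enumerate(names):
        (root / name).write_bytes(b"x" * (100 * (i + 1)))
    return root


if __name__ == "__main__":
    target = DEFAULT_DIR if DEFAULT_DIR.is_dir() else build_sample_dir()
    inv = inventory(target)
    for vendor, items in sorted(inv.items()):
        print(vendor)
        for item in items:
            print(f"  {item['bundle']}  {item['size']} bytes  {item['path'].name}")
    for vendor, bundles in vendors_with_several_extensions(inv).items():
        print(f"review: {vendor} has storage for {len(bundles)} extensions")
```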
Mar 25, 2011, 10:16 AM   #19
MisterMe
macrumors G4
 
Join Date: Jul 2002
Location: USA
Quote:
Originally Posted by Cognita View Post
I also had this malware. ...
Calling this kind of software "malware" debases the term and confuses others. You installed extensions with hidden adware. Shame on the developers who produce this stuff. "Legitimate" developers should not mimic the tactics of malware developers. Complain to the extension developer. Complain to Apple. Complain to the companies whose products and services are advertised by this crap. Let them know that you will not patronize any company that advertises in this way.
__________________
Neither a borrower nor a lender be
For loan oft loses both itself and friend
William Shakespeare from Hamlet
Mar 25, 2011, 10:47 AM   #20
Cognita
macrumors newbie
 
Join Date: Mar 2011
Thanks for the "adware" vs "malware" tip. I'm still a novice and the clarification is appreciated. I wasn't sure of the protocol for something like this, so I sent an immediate bug report to apple with a screen shot and I also reported it via the apple website.

That's also a good idea to complain to the companies who are advertised by the adware. I guess that would be Amazon directly? It's worth a try.
Mar 25, 2011, 12:39 PM   #21
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Cognita View Post
Thanks for the "adware" vs "malware" tip. I'm still a novice and the clarification is appreciated.
Read the Virus/Malware link in post #12 to get more clarification on this topic.
Apr 15, 2011, 04:55 AM   #22
nec207
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by GGJstudios View Post
First, there's no need to bold everything. I've read all that before.

To be accurate, there are zero viruses and worms and only a handful of trojans. Again, no one is saying Macs are immune to malware threats; only that antivirus software isn't needed to protect against the few trojan threats that do exist. How many times must this be said before people actually read and comprehend it?

The "market share" theory suggests:
larger market share = more visibility = more malware
This is not proven by actual events. Ten years ago, when Macs represented a much smaller market share and a much smaller installed base, there were a handful of viruses that could affect Mac OS 9 and earlier. Today, Macs have a much larger market share and much larger installed base with Mac OS X (and growing at a rate of over a million Macs per month), but the number of viruses has not increased proportionately.... or at all... in fact, the number has decreased to zero. The market share theory doesn't work. Period.
I think we should say most anti-virus programs also scan for worms, spyware and adware.

Mostly it is spyware, adware, keyloggers, trojan that is problem.


Quote:
It refers to the bundle architecture as insecure. The argument presented would be true if security sensitive apps were not owned by system. Given that they are owned by system, malware cannot modify the bundle of an app owned by system without authentication when the app is run with user privileges in an admin or standard account.

For example, show package contents of iTunes, Safari, or Mail and try to create a folder in the bundle. In relation to the example in the article, try renaming iTunes.

Apps not owned by system are vulnerable but without privilege escalation can not install rootkits or keyloggers. Even apps owned by system run with user privileges and require privilege escalation to install dangerous payloads.

Mac OS X does not prompt for authentication if you install apps in the proper location for that user account type. When installed in the proper location, apps are sandboxed from the system level of Mac OS X by the Unix DAC model used within Mac OS X.

Can you explain this without me understanding a lot how the OS works.




Quote:
The Mac OS X Malware Myth Continues

Continuing a non-story that will never die, Wired Magazine has an article about the threat of Mac OS X malware, in which I was quoted. I spoke with the author, Ryan Singel, by phone yesterday, and disputed the premise that Apple's (AAPL) market share grows, it will be subject to the same degree of malware that Windows is. Unfortunately, something got lost in the translation. Here's the quote:


But Carl Howe, an Apple analyst at Blackfriars Communications, disputes the security researchers' theories. He thinks that OS X's Linux heritage makes Apple systems less vulnerable to attack than Windows-based platforms. He argues that even if hacking Macs hasn't been profitable in the past, attackers would have done it anyway if they'd been able -- just for the attention.

"I think the market-share thing has always been a myth," Howe said. "It's a good story to talk about."


What I actually said was Mac OS X's Unix heritage, not Linux. I wrote Ryan about the mistake, and he corrected it. But I just wanted my readers to know I don't have my *nix's mixed up if they saw the earlier version.
Read more here. http://seekingalpha.com/article/5272...myth-continues

Last edited by nec207; Apr 15, 2011 at 05:11 AM.
Apr 15, 2011, 11:57 AM   #23
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by nec207 View Post
Mostly it is spyware, adware, keyloggers, trojan that is problem.
Yes, and those can be easily avoided without the need for antivirus software.
Apr 15, 2011, 03:48 PM   #24
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by nec207 View Post
Can you explain this without me understanding a lot how the OS works.
In Mac OS X Snow Leopard, applications that come with your Mac can not be modified without entering your password.

Even if these applications are modified, it would not cause the installation of rootkits, such as keyloggers that could log protected passwords entered into security sensitive apps such as Safari.
__________________
Mac Security Suggestions
Apr 16, 2011, 08:22 PM   #25
nec207
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by GGJstudios View Post
Yes, and those can be easily avoided without the need for antivirus software.
sorry what do you mean?


windows uses DLL files and Exe files and the registry when most Unix, Linux and Mac OS X do not.

humm the DLL, exe and registry are good way for malware to mess up your system.

Not say registry errors over the years of computer use.