Old Jul 16, 2013, 11:15 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
OS X Users Hit by Ransomware Websites Posing as FBI Notices




Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves.
Quote:
The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords.

Warnings appearing to be from the FBI tell the victim: "you have been viewing or distributing prohibited Pornographic content.. To unlock your computer and to avoid other legal consequences, you are obligated to pay a release fee of $300."
Rather than a sophisticated hijack of the actual browser software or an installation of a trojan, the ransomware is merely a simple webpage using JavaScript to load 150 iframes that require confirmation to be dismissed, with the authors hoping that users will give up long before they dismiss all of the dialog boxes and simply pay the ransom. As the report notes, a feature on OS X that reopens previously open windows after relaunching an app means that users generally cannot simply close and reopen Safari in order to escape the ransomware.

The report details one method to escape the ransomware involving resetting Safari, but misses a far simpler tactic: Simply holding down the Shift key while relaunching Safari will prevent it from reopening windows and tabs from the previous session. Users can also completely disable the reopening feature across OS X from the General pane of System Preferences. Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.

The report notes that the ransomware authors are targeting users based on popular search terms, with one example stumbled upon through an image search result for Taylor Swift on Bing.

Old Jul 16, 2013, 11:21 AM   #2
Mr. Retrofire
macrumors 601
 
 
Join Date: Mar 2010
Location: www.emiliana.cl
Sounds dangerous. Let us switch to Linux.

;-)
__________________

“Only the dead have seen the end of the war.”
-- Plato --
Old Jul 16, 2013, 11:21 AM   #3
notjustjay
macrumors 603
 
 
Join Date: Sep 2003
Location: Canada, eh?
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
__________________
.
Old Jul 16, 2013, 11:23 AM   #4
ryansimmons323
macrumors regular
 
Join Date: Oct 2011
Well at least it only blocks the browser. I've had to fix 2 Windows machines for people with these things and they completely lock the whole system as well as installing a load of crap with it.
Old Jul 16, 2013, 11:23 AM   #5
primalman
macrumors 6502a
 
Join Date: Jul 2002
Location: at the end of the hall
Who falls for a thing that says it's the FBI and to pay a fine you use gas station money cards? Really?
__________________
primalman
Old Jul 16, 2013, 11:24 AM   #6
Nightarchaon
macrumors 65816
 
 
Join Date: Sep 2010
this is why that feature was the 1st thing i turned off when i upgraded my macbook pro/bought my new iMac

Useless Feature IMO, i use a script to start up the programs i need with a single click, and tie that to startup. i prefer clean starts when i restart a program, not a cached copy of the program from earlier

This is why we need to Kill Java as well as flash, ASAP
__________________
iWatch in action http://media.joe.ie/wp-content/uploa...ael-Knight.jpg
MacBook Pro/iPad Mini/TV1/iMac/iPhone5
Old Jul 16, 2013, 11:24 AM   #7
ravenvii
macrumors 604
 
 
Join Date: Mar 2004
Location: Melenkurion Skyweir
Quote:
Originally Posted by primalman View Post
Who falls for a thing that says it's the FBI and to pay a fine you use gas station money cards? Really?
You'd be surprised.
__________________
59 6F 75 20 73 70 6F 6F 6E 79 20 62 61 72 64 21
Old Jul 16, 2013, 11:24 AM   #8
Tankmaze
macrumors 65816
 
 
Join Date: Mar 2012
good PSA from macrumors!

Quote:
Many OS X users may, however, be unfamiliar with such options and find themselves trapped by the ransomware webpage.
this is true, it can even fool me (consider myself as a geek).
__________________
Check out our game Tank Maze
Old Jul 16, 2013, 11:24 AM   #9
chumawumba
Banned
 
Join Date: Aug 2012
Location: Ask the NSA
Only real stupid people would fall for that.

Unfortunately...


This is America so I wouldn't be surprised.
Old Jul 16, 2013, 11:25 AM   #10
TsunamiTheClown
macrumors 6502a
 
 
Join Date: Apr 2011
Location: On the verge
I have paid this ransom like 3 times today and still no sense of absolution.
__________________
hi there
Old Jul 16, 2013, 11:25 AM   #11
deKay
macrumors newbie
 
Join Date: Feb 2013
Quote:
Originally Posted by notjustjay View Post
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature.
But when you use ForceQuit does it not just load the homepage from your preferences? So to "solve" the problem you just go there and set it back to apple.com, google.com or whatever?

Quote:
Originally Posted by primalman View Post
Who falls for a thing that says it's the FBI and to pay a fine you use gas station money cards? Really?
Way too many people.
Old Jul 16, 2013, 11:26 AM   #12
SmoMo
macrumors regular
 
Join Date: Aug 2011
…oh so it was a Scam?

Now how do I get my $300 back?
Old Jul 16, 2013, 11:26 AM   #13
scbn
macrumors 6502
 
Join Date: Jul 2010
Let me guess: those blackmailing guys are from Eastern Europe or Russia?
Old Jul 16, 2013, 11:26 AM   #14
TMRaven
macrumors 68020
 
 
Join Date: Nov 2009
If the FBI finds out you're distributing child porn you're going to jail, not paying 300 dollars. Hahaha.
__________________
27" iMac i7 860 @ 2.8ghz; 8gb DDR3 1066 ram; 1tb HDD @ 7200rpm; ATI Mobility 4850, 512mb GDDR3 ram
http://www.armoredcoreuniverse.net/ Fan site for Armored Core enthusiasts.
Old Jul 16, 2013, 11:27 AM   #15
SandboxGeneral
Moderator
 
 
Join Date: Sep 2010
Location: The New World
This is the perfect use of NoScript for Firefox and ScriptNo for Chrome.

These excellent extensions for each browser prevent these types of things from running without user authorization.

Edit: Looks like there is an extension for Safari: http://javascript-blocker.toggleable.com/

Regarding the extension for Safari, there is a disclaimer associated with it. It turns out, due to Apple, this extension isn't as robust and powerful as those for Chrome or Firefox, but should nonetheless help out.
Quote:
*Unlike NoScript, this tool only blocks scripts when they are loaded from an external file or a data URI. What this means is that any scripts that are within the page itself can still run. Usually this is enough to remain safe on the web and block trackers, advertisers, etc. Unfortunately this is a limitation of the Safari extension design, not mine.
__________________
"Gee, I've been on this diet only ten minutes and I've already lost something, my sense of humor."
••• SandboxGeneral.com •••

Last edited by SandboxGeneral; Jul 16, 2013 at 04:46 PM. Reason: Added disclaimer notice
Old Jul 16, 2013, 11:27 AM   #16
dernhelm
macrumors 68000
 
 
Join Date: May 2002
Location: middle earth
Quote:
Originally Posted by notjustjay View Post
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
Exactly. That's one of the first things I do when I help someone else with any problem with their Mac. That "feature" should never have been enabled by default. It's one of those "sounds great when you discuss it, but doesn't work in practice" type features.
__________________
Five exclamation marks, the sure sign of an insane mind. --Terry Pratchett
Old Jul 16, 2013, 11:27 AM   #17
bacaramac
macrumors 65816
 
 
Join Date: Dec 2007
Wow, at least make it more believable. Pay $300 to unlock browser? Ok, why don't you at least write something along the lines

"There was a new law that passed that allows settlement of these fines at $300. You may pay the $300 settlement fine now or legal action may pursue against you. You will have the right to defend your case in court. blah blah"

At least make the $300 believable. Who falls for this crap, seriously.
__________________
iMac 27" 3.06Ghz 2TB Time Capsule and AP Express Current Gen AppleTV x 3 iPhone 5s Space Gray 16Gb iPod Touch 4th Gen White iPad mini White/Silver 16GB WiFi
Old Jul 16, 2013, 11:27 AM   #18
stuffradio
macrumors 6502a
 
Join Date: Mar 2009
Quote:
Originally Posted by TsunamiTheClown View Post
I have paid this ransom like 3 times today and still no sense of absolution.
Try mastercard instead.
Old Jul 16, 2013, 11:28 AM   #19
jonAppleSeed
macrumors regular
 
Join Date: Mar 2013
Apple users are more willing to pay for digital things.
I wonder if the a$$hat who is doing this had that in mind.
Old Jul 16, 2013, 11:29 AM   #20
everything-i
macrumors 6502a
 
Join Date: Jun 2012
Location: London, UK
Pretty obviously fake, as if the FBI would use phrases like 'child porno photos and etc were found on your computer'. Still I suppose it only takes a very small fraction of people seeing this to pay up to make the criminals a decent amount of cash.
Old Jul 16, 2013, 11:30 AM   #21
uknowimright
macrumors 6502a
 
Join Date: Dec 2011
It really is unfortunate that people fall for these sorts of things
Old Jul 16, 2013, 11:30 AM   #22
Eidorian
macrumors Penryn
 
 
Join Date: Mar 2005
Location: Cuidad de México
Quote:
Originally Posted by notjustjay View Post
This is exactly why I don't like (and will turn off) the "re-open all previously open windows" feature. Even accidental Javascript errors can result in endless windows, and errors like that are much easier to clear by quitting and restarting.
Apple's "helpful" defaults are more annoying than anything else.
__________________
Core i5 750 / 16 GB RAM / 500 GB SSD / GTX 970 / Windows 8.1
13" Retina MacBook Pro
Old Jul 16, 2013, 11:30 AM   #23
Shrink
macrumors Demi-God
 
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by SandboxGeneral View Post
This is the perfect use of NoScript for Firefox and ScriptNo for Chrome.

These excellent extensions for each browser prevent these types of things from running without user authorization.
Do you happen to know if there is a similar extension for Safari?
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Old Jul 16, 2013, 11:34 AM   #24
ArmCortexA8
macrumors 6502a
 
Join Date: Feb 2010
Location: Terra Australis
Honestly, if people really fall for these tricks they should not be anywhere near a computer and they deserve to be ripped off - hopefully they might learn from it. For god's sake the URL alone is enough to make you realise it's dodgy. People should NOT be told to keep pressing OK buttons on dialogue boxes as this can introduce more problems. Notice the user in the video did not go to preferences and change the home page, or hold Shift and start Safari either.
__________________
iPhone 6 Plus Gold 128GB / Apple iPod Touch 64GB 5th Gen (Retina) / Apple MacBook Pro Retina 15" / i7 Quad Core / 16GB RAM / 512GB SSD / Intel Iris and Nvidia GeForce 750M.
Old Jul 16, 2013, 11:34 AM   #25
macs4nw
macrumors 68020
 
 
Join Date: Sep 2010
Location: On Safari…..
There's just no limit to the ingenuity of greedy crooks, is there?
__________________
Due to my aversion to bragging and clichés, no words of wisdom to be found on this line.....