Further Explanation for Those Interested...
Glad to see MacRumors back online.
😎
One of my good friends and fellow MacRumors members sent me an e-mail explaining his experience with regards to this incident.
Basically, it started with a message from MacRumors stating that he had received a private message. After logging in, it was indicated that the member had turned off private messaging, however there was a text link in the notification e-mail.
The link redirected him to a site called "clipwizards", claiming to be a porn site.
It then, via javascript, forced the download of an "Active X component" by looping until he pressed OK.
After clicking OK, a file called
1023.dmg was downloaded to his desktop.
Curious, since there's no such thing as ActiveX for the Mac.
😉
A Google search for "1023.dmg" leads to
this page, which pretty much explains everything. It appears to be a massive organized Eastern European crime ring that has access to nearly every machine hosted by the ISP "iPowerWeb". They don't do MR's hosting though, do they?
😛 😉 😀
As for the 1023.dmg file, it contains the app that made the news a couple months ago - the
Mac trojan that asks a user to enter their username and password on which then modifies the Mac's DNS servers, etc. etc.
Anyway, there ya go...
😎