Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

I believe I just stumbled across a Trojan/malware.

G

glasserp

macrumors regular
Original poster
Apr 4, 2008
195
0
Okay, so I clicked on a normal-looking link to a BlogSpot blog. Instead of taking me to the blog it took me to a website that looks 100% identical to a YouTube page. Where a video would normally start playing it instead said "Video ActiveX Error" and a DMG entitled "1234" that was approximately 750kb automatically downloaded to my computer. I immediately trashed it, but it kind of freaked me out. I know not to click on suspicious links, but this didn't look too out of the ordinary. I guess this goes to show you to be on the look out :(
 
Yes, you have to be careful what you click on when browsing the Internet.

You clicked on something (a link) that resulted in this action (a file was DL'ed).

Not a virus, but it might be some sort of malware.

What was the link/URL?
 
It's not as bad as you might think- you would have had to open that DMG for any potential damage to be done, I believe (and more on top).

You sound like you're vigilant, which will keep you safe.
 
glasserp said:
Okay, so I clicked on a normal-looking link to a BlogSpot blog. Instead of taking me to the blog it took me to a website that looks 100% identical to a YouTube page. Where a video would normally start playing it instead said "Video ActiveX Error" and a DMG entitled "1234" that was approximately 750kb automatically downloaded to my computer. I immediately trashed it, but it kind of freaked me out. I know not to click on suspicious links, but this didn't look too out of the ordinary. I guess this goes to show you to be on the look out :(
Click to expand...

There has been something like this out before regarding video playback. Definitely watch what is downloaded.

I believe the previous one was regarding the user to install a plugin to enable playback and it required the admin password to install.

I wouldn't classify these as virus/trojans since they require permission to install but definitely Malware since it would probably install a keylogger of sorts (my guess).

Good catch.
 
I found it on the wall of a Facebook group.

Code: 
http://victoria-inn.blogspot.com/
 
Look at it this way - at least you're not using Windows. If you were, you'd have to be _really_ paranoid ;) :p :D
 

Attachments

  • package.png
    package.png
    11 KB · Views: 112
it is a common internet courtesy when posting links like that to tag them NSFW.

I'd rather not get fired for clicking on your link, thanks.

and by the way, everyone...the above link is NSFW.
 
I keep getting an .exe

I want to open the DMG and see what it is.

Can someone link me to it?

EDIT: Got it!

Hmm ... "Porn4Mac" installer, lol... let's see what this does.

EDIT EDIT:
Picture2-2.png

Picture1-5.png
 
benpatient said:
it is a common internet courtesy when posting links like that to tag them NSFW.

I'd rather not get fired for clicking on your link, thanks.

and by the way, everyone...the above link is NSFW.
Click to expand...

Thanks, I'll do that next time. But as you can see, I'm a MacRumors Newbie. So I don't know what you mean by NSFW... also why would you click on something while at work when you know it links to some form of malware?
 
glasserp said:
Thanks, I'll do that next time. But as you can see, I'm a MacRumors Newbie. So I don't know what you mean by NSFW... also why would you click on something while at work when you know it links to some form of malware?
Click to expand...

Not Safe For Work
 
He means that when you link to something with porno, just say that it's NSFW or Not Safe For Work. Some people deal with things like this at work, so a link like that might be okay had there not been porno all up on the website.

Personally, my boss wouldn't care if I clicked on that link, but others might. :)
 
Hooka said:
so how do you get rid of this porn4mac if you did install it?
Click to expand...

*facepalm* Why in God's name did you install this? I guess the best bet would be to use AppDelete and completely clear it out of your system
 
People should be aware that there is a growing proliferation of "spoof" websites, that are designed to look like legitimate sites. When you're about to click on a link, hover over it and look at the URL in your status bar at the bottom of your browser. If it's a site you don't recognize, be careful! If you go to a site that looks like youtube.com, for instance, it's a good idea to get in the habit of looking at the URL in the address bar, just to make sure it's not a spoof site. This is especially true if you plan on entering any passwords or buying anything. Even with these precautions, it's possible for a site to slip through, so stay alert to downloads, redirection, etc. It's a dangerous world out on the WWW!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back