I believe I just stumbled across a Trojan/malware.

Discussion in 'macOS' started by glasserp, Apr 25, 2008.

  1. glasserp macrumors regular

    Joined:
    Apr 4, 2008
    Location:
    Detroit, MI
    #1
    Okay, so I clicked on a normal-looking link to a BlogSpot blog. Instead of taking me to the blog it took me to a website that looks 100% identical to a YouTube page. Where a video would normally start playing it instead said "Video ActiveX Error" and a DMG entitled "1234" that was approximately 750kb automatically downloaded to my computer. I immediately trashed it, but it kind of freaked me out. I know not to click on suspicious links, but this didn't look too out of the ordinary. I guess this goes to show you to be on the look out :(
     
  2. sushi Moderator emeritus

    sushi

    Joined:
    Jul 19, 2002
    Location:
    キャンプスワ&#
    #2
    Yes, you have to be careful what you click on when browsing the Internet.

    You clicked on something (a link) that resulted in this action (a file was DL'ed).

    Not a virus, but it might be some sort of malware.

    What was the link/URL?
     
  3. Much Ado macrumors 68000

    Much Ado

    Joined:
    Sep 7, 2006
    Location:
    UK
    #3
    It's not as bad as you might think- you would have had to open that DMG for any potential damage to be done, I believe (and more on top).

    You sound like you're vigilant, which will keep you safe.
     
  4. kkat69 macrumors 68020

    kkat69

    Joined:
    Aug 30, 2007
    Location:
    Atlanta, Ga
    #4
    There has been something like this out before regarding video playback. Definitely watch what is downloaded.

    I believe the previous one was regarding the user to install a plugin to enable playback and it required the admin password to install.

    I wouldn't classify these as virus/trojans since they require permission to install but definitely Malware since it would probably install a keylogger of sorts (my guess).

    Good catch.
     
  5. glasserp thread starter macrumors regular

    Joined:
    Apr 4, 2008
    Location:
    Detroit, MI
    #5
    I found it on the wall of a Facebook group.

    Code:
    http://victoria-inn.blogspot.com/
     
  6. tersono macrumors 68000

    tersono

    Joined:
    Jan 18, 2005
    Location:
    UK
    #6
    Look at it this way - at least you're not using Windows. If you were, you'd have to be _really_ paranoid ;) :p :D
     
  7. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #7

    Attached Files:

  8. benpatient macrumors 68000

    Joined:
    Nov 4, 2003
    #8
    it is a common internet courtesy when posting links like that to tag them NSFW.

    I'd rather not get fired for clicking on your link, thanks.

    and by the way, everyone...the above link is NSFW.
     
  9. The General macrumors 601

    Joined:
    Jul 7, 2006
    #9
    I keep getting an .exe

    I want to open the DMG and see what it is.

    Can someone link me to it?

    EDIT: Got it!

    Hmm ... "Porn4Mac" installer, lol... let's see what this does.

    EDIT EDIT:
    [​IMG]
    [​IMG]
     
  10. kkat69 macrumors 68020

    kkat69

    Joined:
    Aug 30, 2007
    Location:
    Atlanta, Ga
    #10
    ROFLMAO "suppa puppa desc yo"????

    Hahahaha
     
  11. glasserp thread starter macrumors regular

    Joined:
    Apr 4, 2008
    Location:
    Detroit, MI
    #11
    Thanks, I'll do that next time. But as you can see, I'm a MacRumors Newbie. So I don't know what you mean by NSFW... also why would you click on something while at work when you know it links to some form of malware?
     
  12. Sky Blue Guest

    Sky Blue

    Joined:
    Jan 8, 2005
    #12
    Not Safe For Work
     
  13. The General macrumors 601

    Joined:
    Jul 7, 2006
    #13
    He means that when you link to something with porno, just say that it's NSFW or Not Safe For Work. Some people deal with things like this at work, so a link like that might be okay had there not been porno all up on the website.

    Personally, my boss wouldn't care if I clicked on that link, but others might. :)
     
  14. Hooka macrumors regular

    Hooka

    Joined:
    Dec 14, 2007
    Location:
    Fort Lauderdale, FL
    #14
    so how do you get rid of this porn4mac if you did install it?
     
  15. jayhawk11 macrumors 6502a

    jayhawk11

    Joined:
    Oct 19, 2007
    #15
    *facepalm* Why in God's name did you install this? I guess the best bet would be to use AppDelete and completely clear it out of your system
     
  16. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    People should be aware that there is a growing proliferation of "spoof" websites, that are designed to look like legitimate sites. When you're about to click on a link, hover over it and look at the URL in your status bar at the bottom of your browser. If it's a site you don't recognize, be careful! If you go to a site that looks like youtube.com, for instance, it's a good idea to get in the habit of looking at the URL in the address bar, just to make sure it's not a spoof site. This is especially true if you plan on entering any passwords or buying anything. Even with these precautions, it's possible for a site to slip through, so stay alert to downloads, redirection, etc. It's a dangerous world out on the WWW!
     
  17. Hooka macrumors regular

    Hooka

    Joined:
    Dec 14, 2007
    Location:
    Fort Lauderdale, FL
    #17
    I don't think that will work, because it is a .pkg not an app. Any other suggestions.
     
  18. AndyK Contributor

    AndyK

    Joined:
    Jan 10, 2008
    #18
    This thread is becoming epic for all the wrong reasons.
     

Share This Page