
Jas123

macrumors member
Original poster
Apr 1, 2008
97
0
I'm a little worried. I visited a website yesterday that immediately redirected me and downloaded some file "movie.dmg." When the download finished, the installer opened automatically. I don't think anything actually installed. I just closed the installer window and deleted the dmg file.

Is there anything I can do to ease my mind? Anybody willing to go to the website to see if this is anything serious?

dare2audition.com.au/ipn.php?district%209%20after%20credits

I tried visiting the site again, but it redirects me to a different page now that doesn't download anything.

Thanks for any help.
 
To install something, you would have had to enter your admin password. As long as you didn't, you're ok. Nothing happened when I went to the site. No download.
 
It was quite potentially trying to get you to install a trojan. In Safari make sure you have the preferences set to not open trusted files automatically. Unless you completed the installation or gave your login credentials you'll be safe. Just delete the file and be more cautious. Based on what you have said I don't believe you have become infected.
 
Definitely looks suspicious.
Especially how it tries to fake a Mac OS RealPlayer window. Don't like that one bit. Nope. Wouldn't touch it with a ten foot pole.

I wouldn't let my browser dl anything I didn't tell it to.
 
To install something, you would have had to enter your admin password. As long as you didn't, you're ok. Nothing happened when I went to the site. No download.

In the past, I always found that additional step a bit inconvenient and thought I might disable it. Today, I'm seeing it as a blessing that helps save me from my impatient self. Nice reminder. [Edit: And h/t to Jas123 for bringing it up.]

Cheers! :cool:
 
You should be fine, unless you actually installed it (as in, typed your password, kept clicking ok till the installer finished), you are ok.
 
I wouldn't let my browser dl anything I didn't tell it to.

Many sites have a JavaScript that will automatically download a file, unless you always surf with JavaScript disabled. However, it can't harm your system at all, unless you actively install it, entering your password.

In the past, I always found that additional step a bit inconvenient and thought I might disable it.

I'm not sure you CAN disable the requirement of your admin password to install applications, but even if you could, it would be extremely foolish to do so. That's the primary line of defense against trojans.
 
Nah, Firefox, before you DL anything, pops up a little window that says "what would you like to do with this file?" and there is a cancel option that doesn't DL it.
 
Nah, Firefox, before you DL anything, pops up a little window that says "what would you like to do with this file?" and there is a cancel option that doesn't DL it.

Good to know. I abandoned Firefox over a year ago, in favor of Safari.
 
I'm not sure you CAN disable the requirement of your admin password to install applications, but even if you could, it would be extremely foolish to do so. That's the primary line of defense against trojans.

You are absolutely correct. I'm getting used to not having to run all the bloated anti-virus on the PC and forgot that's not running in the background. I was about to start a pilgrimage to figure out how to turn it off but this thread reminded me that I'm in MacWorld and it's important.

Talk about being a few channels short of cable!
 
Nah, Firefox, before you DL anything, pops up a little window that says "what would you like to do with this file?" and there is a cancel option that doesn't DL it.

But that can be overridden in the Tools | Options | Download pane. I was using FF through an AV program and had it set to let it all fly. Not the same in Safari, I'm learning. But it's better, I think.
 
I never entered my admin password, so that is some good news. :) It's really annoying that these sites exist; all they do is cause your stress level to rise. :mad:

I'm wondering now about those apps that just require you to double click (or drag and drop) to run. Are you safe as long as you never double click it?
 
You should be OK

I never entered my admin password, so that is some good news. :) It's really annoying that these sites exist; all they do is cause your stress level to rise. :mad:

I'm wondering now about those apps that just require you to double click (or drag and drop) to run. Are you safe as long as you never double click it?

You haven't done anything to bypass the admin password, have you? If you haven't, even dragging and dropping or double clicking shouldn't override it.
 
Pretty much all the "codecs" or "QuickTime update" etc. downloads are variants of Jahlav-C. Quite easy to spot. You won't get infected if you don't enter your password, no worries.

EDIT: Forgot to say that the pages are "intelligent". If you try to access them twice, they think you're a security researcher or something, and block access.
 
Good to know. I abandoned Firefox over a year ago, in favor of Safari.

God, why? That was before the 1st halfway decent version of Safari, 4. But also ya oughta, if you really want a bad browser, use Chrome, which logs everything you do and sends it to Google instead of Apple.
 
I don't think gaining admin privilege is a necessity for all attacks, remember 2 months back reported thousands of Mac zombies infected? No admin password required.
 
God, why? That was before the 1st halfway decent version of Safari, 4. But also ya oughta, if you really want a bad browser, use Chrome, which logs everything you do and sends it to Google instead of Apple.

I'm extremely happy with Safari... very stable, does what I want. I don't like having everything logged and sent to Google or anyone. I block all info from being sent out.
 
I'm not sure you CAN disable the requirement of your admin password to install applications, but even if you could, it would be extremely foolish to do so. That's the primary line of defense against trojans.

That's the job of the person who makes the installer: there is an option in PackageMaker to require admin authentication (checked by default). If it modifies system files like a trojan would, it would need that anyways. :)
 
I had exactly the same situation as you a few months ago. I clicked a link in Google and it redirected me a few times and then downloaded a "movie.dmg" file. The installer didn't open though. I just deleted it.
 
I never entered my admin password, so that is some good news. :) It's really annoying that these sites exist; all they do is cause your stress level to rise. :mad:

I'm wondering now about those apps that just require you to double click (or drag and drop) to run. Are you safe as long as you never double click it?

If I remember correctly, basically anytime you copy something to the Applications folder or Utilities, or the System/Library folders, you have to enter your admin password. Else it just cancels.

If you run an app off the disk image directly after downloading, then you still need to enter a password before anything important can be done. This second bit I'm not too sure about, just logic speaking I guess. :)
 
That was a great article, angelwatt

See MacWorld article. Though the people that got infected had to put in their admin credentials to become infected initially.

Just started MacWorld subscription and already worth it ... that Trojan remover was a bonus.

Question, though, if you know: I read a MacWorld article on security and turned off all the auto download stuff, but when I slid the .dmg to the Application, nothing ever asked for the admin password. How did this package get past all the security?
 
Question, though, if you know: I read a MacWorld article on security and turned off all the auto download stuff, but when I slid the .dmg to the Application, nothing ever asked for the admin password. How did this package get past all the security?

I don't pay complete attention as to when I get asked for credentials, but it's possible you recently did an admin task which temporarily unlocked your keychain and so it didn't need to ask again currently (similar to using sudo in Terminal). I think I have my keychain set to auto-lock after 5 or 10 minutes. That's just one thought.

I know I at least always get prompted for admin credentials when overwriting something in the Applications folder, but I also run as a standard user rather than admin user.

Also, just copying an application into the Applications folder doesn't make it "installed" per se. If the application needs to write to any places outside your home directory it will definitely need to prompt you for your admin credentials. Most malicious software would need to place files in areas outside your home directory to do the most damage. Not that it can't do some harm when limited to your home directory.

Anyways, that's my thoughts.
 
See MacWorld article. Though the people that got infected had to put in their admin credentials to become infected initially.

Indeed.

So in your text "I don't think gaining admin privilege is a necessity for all attacks, remember 2 months back reported thousands of Mac zombies infected? No admin password required" it appears that gaining admin privilege was a necessity and an admin password was required. Other than that, your message was quite correct :D
 