Suspicious download from website.

Discussion in 'Mac Basics and Help' started by Jas123, Aug 17, 2009.

  1. Jas123 macrumors member

    Joined:
    Apr 1, 2008
    #1
    I'm a little worried. I visited a website yesterday that immediately redirected me and downloaded some file, "movie.dmg." When the download finished, the installer opened automatically. I don't think anything actually installed. I just closed the installer window and deleted the dmg file.

    Is there anything I can do to ease my mind? Anybody willing to go to the website to see if this is anything serious?

    dare2audition.com.au/ipn.php?district%209%20after%20credits

    I tried visiting the site again, but it redirects me to a different page now that doesn't download anything.

    Thanks for any help.
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    To install something, you would have had to enter your admin password. As long as you didn't, you're ok. Nothing happened when I went to the site. No download.
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    It was quite potentially trying to get you to install a trojan. In Safari make sure you have the preferences set to not open trusted files automatically. Unless you completed the installation or gave your login credentials you'll be safe. Just delete the file and be more cautious. Based on what you have said I don't believe you have become infected.
     
  4. donuttakedonuts macrumors regular

    Joined:
    Aug 9, 2009
    #4
    Definitely looks suspicious.
    Especially how it tries to fake a Mac OS RealPlayer window. Don't like that one bit. Nope. Wouldn't touch it with a ten foot pole.

    I wouldn't let my browser dl anything I didn't tell it to.
     
  5. MKSinSA macrumors regular

    MKSinSA

    Joined:
    Aug 1, 2009
    Location:
    Alamo City, Lone Star State
    #5
    In the past, I always found that additional step a bit inconvenient and thought I might disable it. Today, I'm seeing it as a blessing that helps save me from my impatient self. Nice reminder. [Edit: And h/t to Jas123 for bringing it up.]

    Cheers! :cool:
     
  6. Schtumple macrumors 601

    Schtumple

    Joined:
    Jun 13, 2007
    Location:
    benkadams.com
    #6
    You should be fine, unless you actually installed it (as in, typed your password, kept clicking ok till the installer finished), you are ok.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    Many sites have a javascript that will automatically download a file, unless you always surf with javascript disabled. However, it can't harm your system at all, unless you actively install it, entering your password.
    I'm not sure you CAN disable the requirement of your admin password to install applications, but even if you could, it would be extremely foolish to do so. That's the primary line of defense against trojans.
     
  8. donuttakedonuts macrumors regular

    Joined:
    Aug 9, 2009
    #8
    Nah, Firefox, before you DL anything, pops up a little window that says "what would you like to do with this file?" and there is a cancel option that doesn't DL it.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    Good to know. I abandoned Firefox over a year ago, in favor of Safari.
     
  10. MKSinSA macrumors regular

    MKSinSA

    Joined:
    Aug 1, 2009
    Location:
    Alamo City, Lone Star State
    #10
    You are absolutely correct. I'm getting used to not having to run all the bloated anti-virus on the PC and forgot that's not running in the background. I was about to start a pilgrimage to figure out how to turn it off but this thread reminded me that I'm in MacWorld and it's important.

    Talk about being a few channels short of cable!
     
  11. MKSinSA macrumors regular

    MKSinSA

    Joined:
    Aug 1, 2009
    Location:
    Alamo City, Lone Star State
    #11
    But that can be overridden in the Tools | Options | Download pane. I was using FF through an AV program and had it set to let it all fly. Not the same in Safari, I'm learning. But it's better, I think.
     
  12. Jas123 thread starter macrumors member

    Joined:
    Apr 1, 2008
    #12
    I never entered my admin password, so that is some good news. :) It's really annoying that these sites exist; all they do is cause your stress level to rise. :mad:

    I'm wondering now about those apps that just require you to double click (or drag and drop) to run. Are you safe as long as you never double click it?
     
  13. MKSinSA macrumors regular

    MKSinSA

    Joined:
    Aug 1, 2009
    Location:
    Alamo City, Lone Star State
    #13
    You should be OK

    You haven't done anything to bypass the admin password, have you? If you haven't, even dragging and dropping or double clicking shouldn't override it.
     
  14. EmperorDarius macrumors 6502a

    Joined:
    Jan 2, 2009
    #14
    Pretty much all the "codecs" or "QuickTime update" etc. downloads are variants of Jahlav-C. Quite easy to spot. You won't get infected if you don't enter your password, no worries.

    EDIT: Forgot to say that the pages are "intelligent". If you try to access them twice, they think you're a security researcher or something, and block access.
     
  15. donuttakedonuts macrumors regular

    Joined:
    Aug 9, 2009
    #15
    God, why? That was before the 1st halfway decent vers of Safari, 4. But also ya oughta, if you really want a bad browser, use Chrome, which logs everything you do and sends it to Google instead of Apple.
     
  16. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #16
    I don't think gaining admin privilege is a necessity for all attacks, remember 2 months back reported thousands of mac zombies infected? No admin password required.
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #17
    I'm extremely happy with Safari.... very stable, does what I want. I don't like having everything logged and sent to Google or anyone. I block all info from being sent out.
     
  18. BrianSullivan macrumors newbie

    Joined:
    Dec 26, 2008
    Location:
    PA
    #18
    That's the job of the person who makes the installer - there is an option in PackageMaker to require admin authentication (checked by default). If it modifies system files like a trojan would, it would need that anyways. :)
     
  19. Hellhammer Moderator

    Hellhammer

    Staff Member

    Joined:
    Dec 10, 2008
    Location:
    Finland
    #19
    I had exactly the same situation as you a few months ago. I clicked a link in Google and it redirected me a few times and then downloaded a "movie.dmg" file. The installer didn't open though. I just deleted it.
     
  20. MWPULSE macrumors 6502a

    MWPULSE

    Joined:
    Dec 27, 2008
    Location:
    London
    #20
    If I remember correctly, basically anytime you copy something to the Applications folder or Utilities, or the System/Library folders, you have to enter your admin password. Else it just cancels.

    If you run an app off the disk image directly after downloading then you still need to enter a password before anything important can be done. This second bit I'm not too sure about, just logic speaking I guess. :)
     
  21. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #21

    No, I don't recall that at all. Got a URL?
     
  22. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #22
    See MacWorld article. Though the people that got infected had to put in their admin credentials to become infected initially.
     
  23. MKSinSA macrumors regular

    MKSinSA

    Joined:
    Aug 1, 2009
    Location:
    Alamo City, Lone Star State
    #23
    That was a great article, angelwatt

    Just started MacWorld subscription and already worth it ... that Trojan remover was a bonus.

    Question, though, if you know: I read a MacWorld article on security and turned off all the auto download stuff, but when I slid the .dmg to the Application, nothing ever asked for the admin password. How did this package get past all the security?
     
  24. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #24
    I don't pay complete attention as to when I get asked for credentials, but it's possible you recently did an admin task which temporarily unlocked your keychain and so it didn't need to ask again currently (similar to using sudo in Terminal). I think I have my keychain set to auto-lock after 5 or 10 minutes. That's just one thought.

    I know I at least always get prompted for admin credentials when overwriting something in the Applications folder, but I also run as a standard user rather than admin user.

    Also, just copying an application into the Applications folder doesn't make it "installed" per se. If the application needs to write to any places outside your home directory it will definitely need to prompt you for your admin credentials. Most malicious software would need to place files in areas outside your home directory to do the most damage. Not that it can't do some harm when limited to your home directory.

    Anyways, those are my thoughts.
     
  25. Tumbleweed666 macrumors 68000

    Joined:
    Mar 20, 2009
    Location:
    Near London, UK.
    #25
    Indeed.

    So in your text "I don't think gaining admin privilege is a necessity for all attacks, remember 2 months back reported thousands of mac zombies infected? No admin password required" it appears that gaining admin privilege was a necessity and an admin password was required. Other than that, your message was quite correct :D
     
