Warning to Mac Users - Ruby security risk

Raima

macrumors 6502
Original poster
Jan 21, 2010
397
7
I just thought I'd share something I discovered.

Last week my 2012 iMac i7 was running slow. I originally thought it was the new VLC update, as the Mac was running slow when it was running.

I turned off VLC and noticed the text I was typing in web browsers was still lagging. It was almost like it was using ruby to keylog and send off the details.

I decided to install Little Snitch onto the iMac to investigate further and discovered it was using ruby to connect to a malware site I had identified earlier. The site was blocked at my router.

Since blocking ruby in Little Snitch, my Mac has returned to normal.

I'm not sure exactly what it was doing, but if anyone who has more expertise could investigate and report back, it could help the community.
 

Raima

What site was it trying to connect to?
WARNING: I do not advise clicking on the link below

One of them is - http://72.52.9.108

My router displays the following page

FRITZ!Box
The Internet page is blocked.
The Internet filter is enabled in the FRITZ!Box.
The requested page may not be displayed due to the filter settings.
URL: http://72.52.9.108/
Reason: Access to IP addresses is not permitted
 

Intell

macrumors P6
Jan 24, 2010
18,881
368
Inside
There's nothing bad about that site. It's privateinternetaccess.com. A legitimate VPN service that has been reviewed by reputable organizations. It would appear that your router's settings are blocking it because it is trying to access the page via IP address. Something that your router is not set up to allow. A rather strange and not recommended setting at that.
 

Intell

Don't know. It's probably because of a third party installation. Maybe a torrent type of thing or something to do with VPNs.