Warning to Mac Users - Ruby security risk

Discussion in 'Mac Apps and Mac App Store' started by Raima, Jun 23, 2013.

  1. Raima macrumors 6502

    Joined:
    Jan 21, 2010
    #1
    I just thought I'd share something I discovered.

    Last week my 2012 iMac i7 was running slow. I originally thought it was the new VLC update as the Mac was running slow when it was running.

    I turned off VLC and noticed the text I was typing in web browsers was still lagging. It was almost like it was using ruby to key log and send off the details.

    I decided to install Little Snitch onto the iMac to investigate further and discovered it was using ruby to connect to a malware site I had identified earlier. The site was blocked at my router.

    Since blocking ruby in Little Snitch my Mac has returned back to normal.

    I'm not sure exactly what it was doing, but if anyone who has more expertise could investigate and report back, it could help the community.
     
  2. Intell macrumors P6

    Joined:
    Jan 24, 2010
    Location:
    Inside
  3. Raima thread starter macrumors 6502

    Joined:
    Jan 21, 2010
    #3
    WARNING: I do not advise clicking on the link below

    One of them is - http://72.52.9.108

    My router displays the following page

    FRITZ!Box
    The Internet page is blocked.
    The Internet filter is enabled in the FRITZ!Box.
    The requested page may not be displayed due to the filter settings.
    URL: http://72.52.9.108/
    Reason: Access to IP addresses is not permitted
     
  4. Intell macrumors P6

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    There's nothing bad about that site. It's privateinternetaccess.com. A legitimate VPN service that has been reviewed by reputable organizations. It would appear that your router's settings are blocking it because it is trying to access the page via IP address. Something that your router is not set up to allow. A rather strange and not recommended setting at that.
     
  5. Raima thread starter macrumors 6502

    Joined:
    Jan 21, 2010
  6. Intell macrumors P6

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #6
    Don't know. It's probably because of a third party installation. Maybe a torrent type of thing or something to do with VPNs.
     