MacNN | New 'ransom' malware exploits JavaScript flaw to plague OS X users
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
New 'ransom' malware exploits JavaScript flaw to plague OS X users
Monday, July 15, 2013 @ 11:59pm

A new bit of "ransomware" that has long been a plague to Windows users has been "ported" to work on Mac browsers, taking advantage of a flaw in JavaScript (not to be confused with Java) to prevent it from being easily dismissed or gotten rid of. The exploit takes advantage of the "restore from crash" to keep bothering the user, and scares them into thinking they must surrender payment information in order to "unlock" their browser and use it normally again, often under threat of persecution. There is a relatively easy fix, though inconvenient.



The ransomware page can be landed on or pushed to users who are using alternative search sites to look for certain kinds of keywords having to do with pirated software or pornography. The page appears to be from the US Federal Bureau of Investigation and claims that the user has been viewing or distributing illegal software or pornography, and that in order to "unlock" the computer they are obligated to pay a release fee of $300, using a fake URL that starts with "fbi.gov" to fool unsuspecting users. Closing the window or dismissing the warning creates another pop-up that also cannot be closed without re-spawning. Quitting or force-quitting the browser will return the user to the same page with the cycle beginning again. The code will actually allow the user to quit after 150 or so prompts, but few users are willing to go that far and are not aware that the JavaScript snippet will ever quit. Users can escape the scam by choosing to reset their browser. In Safari the command is located in the application menu and choosing all aspects of the reset. The action does not remove bookmarks but does clear out saved name and passwords as well as resetting any Top Sites that have been saved. Apple has built-in malware protection software in Snow Leopard and later systems that was recently updated, but it's not yet known if it will successfully block this particular malware yet. Assuming it does not yet block the scam, the company is likely to update XProtect to avoid the problem in the near future. The hack does not yet appear to work on mobile browsers.



Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Today's MacNN Stories:
  • First look: iPhone 6, 6 Plus - 3:02 AM EST
  • Wozniak on the iPhone 6: 'I've gotten rid of my Android phones' - 1:42 AM EST

    Today's iPodNN Stories:
  • Nvidia announces GTX 970, 980 cards with Maxwell GPU architecture - 12:30 AM EST
  • China denies hacking involvement uncovered in US committee report - 10:26 PM EST
  • Briefly: Tesoro Shrike mouse update, New Lian Li case options - 4:28 PM EST
  • Microsoft sheds 2,100 jobs in second wave of employee layoffs - 3:33 PM EST
  • Toshiba cuts 900 jobs as part of PC business restructuring effort - 2:53 PM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.