MacNN | New 'ransom' malware exploits JavaScript flaw to plague OS X users
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
New 'ransom' malware exploits JavaScript flaw to plague OS X users
Monday, July 15, 2013 @ 11:59pm

A new bit of "ransomware" that has long been a plague to Windows users has been "ported" to work on Mac browsers, taking advantage of a flaw in JavaScript (not to be confused with Java) to prevent it from being easily dismissed or gotten rid of. The exploit takes advantage of the "restore from crash" to keep bothering the user, and scares them into thinking they must surrender payment information in order to "unlock" their browser and use it normally again, often under threat of persecution. There is a relatively easy fix, though inconvenient.



The ransomware page can be landed on or pushed to users who are using alternative search sites to look for certain kinds of keywords having to do with pirated software or pornography. The page appears to be from the US Federal Bureau of Investigation and claims that the user has been viewing or distributing illegal software or pornography, and that in order to "unlock" the computer they are obligated to pay a release fee of $300, using a fake URL that starts with "fbi.gov" to fool unsuspecting users. Closing the window or dismissing the warning creates another pop-up that also cannot be closed without re-spawning. Quitting or force-quitting the browser will return the user to the same page with the cycle beginning again. The code will actually allow the user to quit after 150 or so prompts, but few users are willing to go that far and are not aware that the JavaScript snippet will ever quit. Users can escape the scam by choosing to reset their browser. In Safari the command is located in the application menu and choosing all aspects of the reset. The action does not remove bookmarks but does clear out saved name and passwords as well as resetting any Top Sites that have been saved. Apple has built-in malware protection software in Snow Leopard and later systems that was recently updated, but it's not yet known if it will successfully block this particular malware yet. Assuming it does not yet block the scam, the company is likely to update XProtect to avoid the problem in the near future. The hack does not yet appear to work on mobile browsers.



Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Today's MacNN Stories:
  • Hands On: Satechi Bluetooth Media Button - 4:30 PM EST
  • Dashlane offers password management for iPhone, Apple Watch - 4:12 PM EST
  • Daily Deals: Nintendo 3DS XL, Harman Kardon speaker, MacBook Air - 3:40 PM EST
  • T-Mobile posts $361M net profit for Q2 following subscriber increase - 2:24 PM EST
  • Paragon Hard Disk Manager for Mac public preview available now - 2:14 PM EST
  • Apple office-space crunch continues with new SF SoMa lease - 1:48 PM EST
  • Apple pushes second beta of iOS 8.4.1 to developers - 1:30 PM EST
  • My Stupid Fault: a trio of (avoidable) tales of hardware failure - 1:15 PM EST
  • Apple opens fourth retail location in Hong Kong - 12:19 PM EST
  • App Update: AudioSwitcher, Invisible, MP3 Toolkit, more - 12:08 PM EST
  • Review: HP 14-inch 14-x030nr Chromebook - 10:53 AM EST
  • MacNN Deals: Three discounted productivity software packages - 10:33 AM EST
  • Samsung takes another beating in second quarter financial results - 9:20 AM EST
  • D-Link launches DWA-192 spherical 802.11ac USB adapter - 8:55 AM EST
  • Briefly: HBO Now on Verizon FiOS, Amazon Dash Button sales - 7:21 AM EST

    Today's iPodNN Stories:
  • So long, and thanks for everything! - 2:31 PM EST
  • Lizard Squad member convicted over 50,700 computer crime charges - 9:58 AM EST
  • Microsoft offers grants to universities for HoloLens research - 7:25 AM EST
  • LG Display starts mass production of AIT display panels for notebooks - 7:47 AM EST
  • Briefly: EE fined £1M in UK, Unofficial YouTube app on Android Wear - 11:14 AM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.