MacNN | New 'ransom' malware exploits JavaScript flaw to plague OS X users
New 'ransom' malware exploits JavaScript flaw to plague OS X users
Monday, July 15, 2013 @ 11:59pm

A form of "ransomware" that has long plagued Windows users has been "ported" to work on Mac browsers, taking advantage of a flaw in JavaScript (not to be confused with Java) to prevent it from being easily dismissed or removed. The exploit abuses the "restore from crash" feature to keep bothering the user, and scares them into thinking they must surrender payment information in order to "unlock" their browser and use it normally again, often under threat of prosecution. There is a relatively easy, though inconvenient, fix.



Users can land on the ransomware page, or have it pushed to them, when using alternative search sites to look for certain kinds of keywords having to do with pirated software or pornography. The page appears to be from the US Federal Bureau of Investigation and claims that the user has been viewing or distributing illegal software or pornography, and that in order to "unlock" the computer they are obligated to pay a release fee of $300. It uses a fake URL that starts with "fbi.gov" to fool unsuspecting users.

Closing the window or dismissing the warning creates another pop-up that also cannot be closed without re-spawning. Quitting or force-quitting the browser will return the user to the same page, with the cycle beginning again. The code will actually allow the user to quit after 150 or so prompts, but few users are willing to go that far, and most are not aware that the JavaScript snippet will ever stop.

Users can escape the scam by choosing to reset their browser. In Safari, the command is located in the application menu; users should select all aspects of the reset. The action does not remove bookmarks, but it does clear out saved names and passwords and resets any Top Sites that have been saved.

Apple's built-in malware protection software in Snow Leopard and later systems was recently updated, but it is not yet known whether it will successfully block this particular malware. Assuming it does not yet block the scam, the company is likely to update XProtect to address the problem in the near future. The hack does not yet appear to work on mobile browsers.
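A URL that merely starts with "fbi.gov" proves nothing, because ownership is decided by the rightmost labels of the hostname. The check below is an added example, not code from the article or from the scam page; the function name `classifyUrl` and every sample URL are constructed for illustration.

```javascript
// Added example: does a URL really belong to a trusted domain, or does it
// only display that domain's name somewhere in the address?
// SAMPLE_URLS are constructed for illustration, not taken from the article.
const SAMPLE_URLS = [
  "https://www.fbi.gov/report",            // real subdomain of fbi.gov
  "http://fbi.gov.alerts.example/unlock",  // trusted name used as a host prefix
  "http://fbi.gov@pay.example/",           // trusted name placed in the userinfo part
  "https://pay.example/fbi.gov/notice",    // trusted name placed in the path
  "http://notfbi.gov/",                    // different domain that shares a suffix
];

function classifyUrl(rawUrl, trustedDomain) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return "invalid";
  }
  const trusted = trustedDomain.toLowerCase();
  // The URL parser lowercases the hostname; drop a trailing root dot if present.
  const host = url.hostname.replace(/\.$/, "");

  // Genuine: the exact host, or a subdomain whose rightmost labels are the
  // trusted domain. The leading dot stops "notfbi.gov" from matching.
  if (host === trusted || host.endsWith("." + trusted)) {
    return "genuine";
  }

  // Lookalike: the trusted name appears where it carries no authority.
  const inHost = host.startsWith(trusted + ".") || host.includes("." + trusted + ".");
  const inUserinfo = url.username.toLowerCase().includes(trusted);
  const inPath = url.pathname.toLowerCase().includes(trusted);
  return inHost || inUserinfo || inPath ? "lookalike" : "unrelated";
}

function classifyAll(urls, trustedDomain) {
  return urls.map((u) => [u, classifyUrl(u, trustedDomain)]);
}

for (const [u, verdict] of classifyAll(SAMPLE_URLS, "fbi.gov")) {
  console.log(verdict.padEnd(10), u);
}
```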


