
Printed from http://www.macnn.com

New 'ransom' malware exploits JavaScript flaw to plague OS X users

updated 11:59 pm EDT, Mon July 15, 2013

Until XProtect updated, only cure is to reset browser

A form of "ransomware" that has long plagued Windows users has been "ported" to work on Mac browsers, taking advantage of a flaw in JavaScript (not to be confused with Java) to prevent it from being easily dismissed or removed. The exploit takes advantage of the browser's "restore from crash" feature to keep bothering the user, and scares them into thinking they must surrender payment information in order to "unlock" their browser and use it normally again, often under threat of prosecution. There is a relatively easy fix, though an inconvenient one.

The ransomware page can be landed on or pushed to users who are using alternative search sites to look for certain kinds of keywords having to do with pirated software or pornography. The page appears to be from the US Federal Bureau of Investigation and claims that the user has been viewing or distributing illegal software or pornography, and that in order to "unlock" the computer they are obligated to pay a release fee of $300, using a fake URL that starts with "fbi.gov" to fool unsuspecting users.

Closing the window or dismissing the warning creates another pop-up that also cannot be closed without re-spawning. Quitting or force-quitting the browser will return the user to the same page, with the cycle beginning again. The code will actually allow the user to quit after 150 or so prompts, but few users are willing to go that far, and they are not aware that the JavaScript snippet will ever quit.

Users can escape the scam by choosing to reset their browser. In Safari, the reset command is located in the application menu; select all aspects of the reset. The action does not remove bookmarks, but it does clear out saved names and passwords and resets any Top Sites that have been saved.

Apple has built-in malware protection software in Snow Leopard and later systems that was recently updated, but it's not yet known if it will successfully block this particular malware. Assuming it does not yet block the scam, the company is likely to update XProtect to avoid the problem in the near future. The hack does not yet appear to work on mobile browsers.





by MacNN Staff


Comments

  1. curmi

    Senior User

    Joined: 04-05-01

    Hold down the "Shift" key when you launch Safari, and it won't reload pages. No need to reset the browser.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Also: in Safari, at least, you can clear the page contents using a bookmarklet which will erase the document contents using "document.write" and then you can close the window without any hassle at all. (At least, I checked the URL they gave and it worked.) MacNN's comment system may eat this, but my bookmarklet was:

    javascript:%20void(function(){document.write('%3Chtml%3E%3Chead%3E%3Ctitle%3E%2D%2D%20Page%20has%20been%20erased%20%2D%2D%3C%2Ftitle%3E%3C%2Fhead%3E%3Cbody%20style%3D%22margin%3A0in%3Bpadding%3A25%25%3B%22%3E%3Ch1%20style%3D%22size%3Axx%2Dlarge%3Btext%2Dalign%3Acenter%3Bcolor%3Ared%3Bmargin%3A25%25%3Bfont%2Dweight%3Abold%3B%22%3EThis%20page%20was%20erased%20using%20a%20bookmarklet%2E%3C%2Fh1%3E%3Cp%20style%3D%22text%2Dalign%3Acenter%3B%22%3EThis%20page%20has%20had%20its%20content%20replaced%20with%20this%20message%2E%20If%20you%20want%20the%20content%20back%2C%20you%20will%20need%20to%20reload%20the%20page%2E%3C%2Fp%3E%3C%2Fbody%3E%3C%2Fhtml%3E');}())
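
A percent-encoded bookmarklet like the one in the comment above can be decoded and inspected offline before it is saved as a bookmark. The following is an added example, not part of the original comment or of MacNN's page; the function name `auditBookmarklet`, the `RISKY` pattern list and the second sample URL are assumptions made for illustration.

```javascript
// Added example: decode a javascript: bookmarklet and list what it calls,
// so it can be reviewed before being saved as a bookmark.

// Heuristic patterns (an assumption, not exhaustive) for things a
// page-erasing bookmarklet has no reason to contain.
const RISKY = {
  network: /\bfetch\s*\(|XMLHttpRequest|https?:\/\/|\bsrc\s*=/i,
  dynamicCode: /\beval\s*\(|new\s+Function\b/,
  storedData: /document\.cookie|localStorage|sessionStorage/,
};

function auditBookmarklet(url) {
  const trimmed = url.trim();
  const scheme = /^javascript:/i.exec(trimmed);
  if (!scheme) throw new Error('not a javascript: URL');
  let source;
  try {
    source = decodeURIComponent(trimmed.slice(scheme[0].length)).trim();
  } catch (err) {
    throw new Error('malformed percent-encoding: ' + err.message);
  }
  // Dotted calls such as document.write( show which DOM APIs are used.
  const callRe = /\b([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)+)\s*\(/g;
  const calls = [...new Set([...source.matchAll(callRe)].map((m) => m[1]))];
  const findings = Object.keys(RISKY).filter((k) => RISKY[k].test(source));
  return { source, calls, findings };
}

// The bookmarklet exactly as posted in the comment.
const POSTED = "javascript:%20void(function(){document.write('%3Chtml%3E%3Chead%3E%3Ctitle%3E%2D%2D%20Page%20has%20been%20erased%20%2D%2D%3C%2Ftitle%3E%3C%2Fhead%3E%3Cbody%20style%3D%22margin%3A0in%3Bpadding%3A25%25%3B%22%3E%3Ch1%20style%3D%22size%3Axx%2Dlarge%3Btext%2Dalign%3Acenter%3Bcolor%3Ared%3Bmargin%3A25%25%3Bfont%2Dweight%3Abold%3B%22%3EThis%20page%20was%20erased%20using%20a%20bookmarklet%2E%3C%2Fh1%3E%3Cp%20style%3D%22text%2Dalign%3Acenter%3B%22%3EThis%20page%20has%20had%20its%20content%20replaced%20with%20this%20message%2E%20If%20you%20want%20the%20content%20back%2C%20you%20will%20need%20to%20reload%20the%20page%2E%3C%2Fp%3E%3C%2Fbody%3E%3C%2Fhtml%3E');}())";

// Constructed sample (not from the page) that the heuristics should flag.
const CONSTRUCTED = "javascript:void(fetch('https%3A%2F%2Fexample.invalid%2Fping'))";

for (const [name, url] of [['posted', POSTED], ['constructed', CONSTRUCTED]]) {
  const report = auditBookmarklet(url);
  console.log(name, 'calls:', report.calls, 'findings:', report.findings);
  console.log('  decoded:', report.source.slice(0, 70) + '...');
}
```

The pattern list only catches obvious cases; the decoded `source` is what should actually be read before trusting a bookmarklet.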

  1. chas_m

    MacNN Staff

    Joined: 08-04-01

    Good tips, guys, but I think you're missing the point. Nerds like us (and typical MacNN readers) aren't going to be troubled with this. It's the people who don't know these sorts of things that are the most vulnerable. Luckily, Apple is probably already on top of this (or soon will be) and the anti-malware companies a lot of non-power users rely on will likely update definitions in no time as well, so we're hopeful that this problem doesn't get much traction in the Mac community.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    @chas_m:

    Actually, finding a painless and simple way out of this is a useful thing. Even if you aren't likely to trigger it yourself, you may well be called on to fix it for someone else at some point, and knowing how to do that would be useful.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Originally Posted by chas_m

    Good tips, guys, but I think you're missing the point. Nerds like us (and typical MacNN readers) aren't going to be troubled with this. It's the people who don't know these sorts of things that are the most vulnerable. Luckily, Apple is probably already on top of this (or soon will be) and the anti-malware companies a lot of non-power users rely on will likely update definitions in no time as well, so we're hopeful that this problem doesn't get much traction in the Mac community.



    The point of the comment was that the article mentions a baby-and-bathwater solution that is just as unlikely to occur to a non-techie user, while simply holding shift is a usually completely painless and much simpler alternative.

  1. chas_m

    MacNN Staff

    Joined: 08-04-01

    Point taken. Thanks, guys.

  1. NoPiracy

    Fresh-Faced Recruit

    Joined: 07-18-13

    Malware and ransomware are often a result of software piracy. Don't participate and don't allow corporations to get away with this crime – report software piracy to the BSA: http://nopiracy.net/13YiULF

  1. Roehlstation

    Fresh-Faced Recruit

    Joined: 08-23-01

    I'll be making all kinds of cash "fixing" this issue

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Oh, or you can bring the window to the front of Safari and then run this AppleScript:

    tell application "Safari"
    tell document of window 1 to do JavaScript "document.write('');"
    end tell
