
Printed from http://www.macnn.com

New 'ransom' malware exploits JavaScript flaw to plague OS X users

updated 11:59 pm EDT, Mon July 15, 2013

Until XProtect updated, only cure is to reset browser

A bit of "ransomware" of a kind that has long plagued Windows users has been "ported" to work on Mac browsers, taking advantage of a flaw in JavaScript (not to be confused with Java) to prevent it from being easily dismissed or removed. The exploit takes advantage of the browser's "restore from crash" feature to keep bothering users, and scares them into thinking they must surrender payment information in order to "unlock" their browser and use it normally again, often under threat of prosecution. There is a relatively easy, though inconvenient, fix.

Users can land on the ransomware page, or have it pushed to them, when they use alternative search sites to look for certain kinds of keywords related to pirated software or pornography. The page, which uses a fake URL that starts with "fbi.gov" to fool unsuspecting users, appears to be from the US Federal Bureau of Investigation and claims that the user has been viewing or distributing illegal software or pornography, and that in order to "unlock" the computer they are obligated to pay a release fee of $300.

Closing the window or dismissing the warning creates another pop-up that also cannot be closed without re-spawning. Quitting or force-quitting the browser will return the user to the same page, with the cycle beginning again. The code will actually allow the user to quit after 150 or so prompts, but few users are willing to go that far, and most are not aware that the JavaScript snippet will ever quit.

Users can escape the scam by choosing to reset their browser. In Safari, the command is located in the application menu; select all aspects of the reset. The action does not remove bookmarks, but it does clear out saved names and passwords and resets any Top Sites that have been saved.
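A narrower alternative to a full reset, shown here as an added example that is not from the original article: set aside only the data Safari uses to restore its last session, so the next launch does not reopen the scam page and saved passwords are left alone. The two paths are assumptions about where Safari of this era keeps its restore data, and `park_safari_session` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: move Safari's saved-session data out of the way so a
# relaunch starts clean instead of restoring the ransomware page.
# The relative paths below are assumptions about Safari's restore data
# locations; verify them for your Safari version before relying on this.

# park_safari_session HOME_DIR
# Moves any restore data found under HOME_DIR into a timestamped backup
# directory (nothing is deleted) and prints the number of items moved.
park_safari_session() {
    home_dir=$1
    backup_dir="$home_dir/Safari-session-backup-$(date +%Y%m%d%H%M%S)"
    moved=0
    for rel in \
        "Library/Saved Application State/com.apple.Safari.savedState" \
        "Library/Safari/LastSession.plist"
    do
        src="$home_dir/$rel"
        [ -e "$src" ] || continue        # nothing saved at this path
        mkdir -p "$backup_dir" || return 1
        mv "$src" "$backup_dir/" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Usage (quit Safari first):  park_safari_session "$HOME"
```

Bookmarks, saved passwords and Top Sites are untouched, and the backup directory can be deleted once Safari opens normally.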

Apple has built-in malware protection software in Snow Leopard and later systems that was recently updated, but it is not yet known whether it will successfully block this particular malware. Assuming it does not yet block the scam, the company is likely to update XProtect to address the problem in the near future. The hack does not yet appear to work on mobile browsers.





by MacNN Staff


Comments

  1. curmi

    Senior User

    Joined: 04-05-01

    Hold down the "Shift" key when you launch Safari, and it won't reload pages. No need to reset the browser.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Also: in Safari, at least, you can clear the page contents using a bookmarklet which will erase the document contents using "document.write" and then you can close the window without any hassle at all. (At least, I checked the URL they gave and it worked.) MacNN's comment system may eat this, but my bookmarklet was:

    javascript:%20void(function(){document.write('%3Chtml%3E%3Chead%3E%3Ctitle%3E%2D%2D%20Page%20has%20been%20erased%20%2D%2D%3C%2Ftitle%3E%3C%2Fhead%3E%3Cbody%20style%3D%22margin%3A0in%3Bpadding%3A25%25%3B%22%3E%3Ch1%20style%3D%22size%3Axx%2Dlarge%3Btext%2Dalign%3Acenter%3Bcolor%3Ared%3Bmargin%3A25%25%3Bfont%2Dweight%3Abold%3B%22%3EThis%20page%20was%20erased%20using%20a%20bookmarklet%2E%3C%2Fh1%3E%3Cp%20style%3D%22text%2Dalign%3Acenter%3B%22%3EThis%20page%20has%20had%20its%20content%20replaced%20with%20this%20message%2E%20If%20you%20want%20the%20content%20back%2C%20you%20will%20need%20to%20reload%20the%20page%2E%3C%2Fp%3E%3C%2Fbody%3E%3C%2Fhtml%3E');}())

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Good tips, guys, but I think you're missing the point. Nerds like us (and typical MacNN readers) aren't going to be troubled with this. It's the people who don't know these sorts of things that are the most vulnerable. Luckily, Apple is probably already on top of this (or soon will be) and the anti-malware companies a lot of non-power users rely on will likely update definitions in no time as well, so we're hopeful that this problem doesn't get much traction in the Mac community.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    @chas_m:

    Actually, finding a painless and simple way out of this is a useful thing. Even if you aren't likely to trigger it yourself, you may well be called on to fix it for someone else at some point, and knowing how to do that would be useful.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Originally Posted by chas_m

    Good tips, guys, but I think you're missing the point. Nerds like us (and typical MacNN readers) aren't going to be troubled with this. It's the people who don't know these sorts of things that are the most vulnerable. Luckily, Apple is probably already on top of this (or soon will be) and the anti-malware companies a lot of non-power users rely on will likely update definitions in no time as well, so we're hopeful that this problem doesn't get much traction in the Mac community.



    The point of the comment was that the article mentions a baby-and-bathwater solution that is just as unlikely to occur to a non-techie user, while simply holding shift is a usually completely painless and much simpler alternative.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Point taken. Thanks, guys.

  1. NoPiracy

    Fresh-Faced Recruit

    Joined: 07-18-13

    Malware and ransomware are often a result of software piracy. Don't participate and don't allow corporations to get away with this crime – report software piracy to the BSA: http://nopiracy.net/13YiULF

  1. Roehlstation

    Fresh-Faced Recruit

    Joined: 08-23-01

    I'll be making all kinds of cash "fixing" this issue

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Oh, or you can bring the window to the front of Safari and then run this AppleScript:

    tell application "Safari"
    tell document of window 1 to do JavaScript "document.write('');"
    end tell
