Skip navigation

Malware reappearing in cache.db

6043 Views 34 Replies Latest reply: Jan 28, 2012 3:35 PM by davidh RSS
  • softwater Level 5 Level 5 (5,370 points)
    Currently Being Moderated
    Jan 27, 2012 5:26 AM (in response to thomas_r.)

    Thomas A Reed wrote:



    As I understand the evercookie, the data is stored in a variety of places.  Then, when you revisit the site that set that cookie, a script recreates any of that data that has been deleted, using copies in other locations.  If you were never to revisit the site, you'd never see any of that happen.



    You're overlooking the fact that some cookies work across multiple sites and domains owned, operated or managed by the same people/group/organisation, and you may not even know that they belong to each other.



    Thomas A Reed wrote:


    Cookies present more of a privacy concern than a security concern.  I personally am not interested in worrying that some site might track what pages I have visited and when.


    Then it is you who does not understand the dangers of cookies. Tracking your behaviour across multiple sites can reveal a lot about you, just as can trawling through someone's refuse. You might not think you're giving anything away, but patterns of behaviour over time eventually lead to everything being known about you and are the main technique of identity theft.


    Your blaise attitude might be fine for you, but it's not something I'd recommend as a general policy.


    From: Webopedia

    Cookies normally do not compromise security, but there is a growing trend of malicious cookies. These types of cookies can be used to store and track your activity online. Cookies that watch your online activity are called malicious or tracking cookies. These are the bad cookies to watch for, because they track you and your surfing habits, over time, to build a profile of your interests.

  • thomas_r. Level 7 Level 7 (26,945 points)
    Currently Being Moderated
    Jan 27, 2012 6:45 AM (in response to softwater)

    I'm not overlooking that, it just makes no difference to the point, which is that cookies CANNOT contain code that is executed independently.  Cookies are DATA ONLY.  If someone uses cookies to track you across multiple sites, there are obvious privacy implications, but that does not change the fact that they are not malware.


    As to the privacy issues with cookies, that is outside the scope of this discussion, and would be better debated elsewhere.

  • etresoft Level 7 Level 7 (23,900 points)

    You might be getting stuck by Lion which always re-load the last window configuration. Launch Safari again. This time, hold down the option key when you to to Safari > Quit Safari.

  • softwater Level 5 Level 5 (5,370 points)
    Currently Being Moderated
    Jan 27, 2012 8:18 AM (in response to thomas_r.)

    Oh do stop playing semantics to save face, Thomas.


    The point is that these kind of persistent cookies are a problem and are undesirable. I'm not sure how to get rid of them apart from the link I suggested earlier. Or is that "off-topic" too?

  • thomas_r. Level 7 Level 7 (26,945 points)
    Currently Being Moderated
    Jan 27, 2012 9:14 AM (in response to softwater)

    I am not playing semantics, I'm answering the question.  The OP claims this is malware, and that this "malicious code" is going to spam all his contacts.  That is not true.  Period, end of story.  Unless you wish to discuss that particular issue, we're done here.  You can debate the danger these cookies pose to privacy with yourself if you wish.

  • Kurt Lang Level 7 Level 7 (31,490 points)

    I completely erased the harddrive and reinstalled Mac OS X Lion.

    Then it is completely impossible for any unwanted cookies to return unless you revisit the offending site where you got it in the first place, or restore the rest of your Time Machine data, which will of course reintroduce the offending files.


    There is no software of any kind anywhere in the world that can survive an erasure of the file table and then magically reappear in the newly installed OS. You have to be reintroducing somehow.


    Killing the evercookie in Safari.

  • thomas_r. Level 7 Level 7 (26,945 points)

    The thing is, all that you've said is just anecdotal...  you haven't provided any real details, so we just have to accept your word that your interpretation of events is correct.  And it doesn't sound like you have much technical knowledge when it comes to the Mac.  (Not meaning that as an insult, just a statement.)  That means that your interpretation of events is very questionable.


    How we can explain what you have seen, I don't know, because of the lack of details.  I don't know what error you're referring to with regard to media being unable to be erased, but it seems obvious that the reinstall did not go off without a hitch, so it cannot be claimed to be clean.  The Mac OS certainly does not log passwords to log files, but you may have had some bad software installed that did.


    Regarding the "two armed guards" on Windows, it's important that you understand that they're more like myopic ninjas.  When they see something bad, they come down hard on it...  but they don't always see it.  Modern AV software recognizes at best 90% of all malware.  I've got two trojans in my collection that are recognized by only 36% and 50% of the AV engines VirusTotal tests with, despite having been first spotted in early fall of last year.


    Also, it's important to understand that the Mac OS has built-in anti-malware protection!  And, though it has its own limitations, like all anti-malware, it at least recognizes all the malware in my collection.  You could easily do far worse.


    The Mac OS is actually quite secure out of the box.  It is, after all, a Unix system, and Unix has been resisting attacks for a very long time.  The biggest security issue for any Mac is between the chair and keyboard.  If you are interested in learning more about security and your Mac, there are many people here who can help, if you let us.  If you choose not to, well...  good luck maintaining security with Windows!

  • thomas_r. Level 7 Level 7 (26,945 points)

    Start by reading the Mac Malware Guide I referred to earlier.  I wrote it, so I'm tooting my own horn a bit, but I think it's a pretty good reference.  I've worked very hard on it.


    Regarding things like malicious JavaScripts (which also encompasses the mechanism that makes evercookies work), note that there's really not much they can actually do.  Some people get bothered by the potential privacy issues that these things make possible, others don't.  If you're in the former category, either turn off JavaScript in Safari, or use Firefox along with the NoScript plugin for more granular control over which sites are allowed to run JavaScripts.


    As for other issues, many people will recommend a firewall, but chances are good you don't need one.  See Do I need a firewall?  (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)  You should also make sure not to open up any network services by turning them on in System Preferences -> Sharing unless you need to.  If you need to, they pose no security risk at all on your own home network (provided it's locked down with a password) and can be pretty easily secured on open networks.


    To protect your data against an attacker with physical access to the machine (such as a thief or a dishonest friend or co-worker), encrypt any data that is sensitive.  Your account password can be reset and any data accessed fairly easily.  You can encrypt groups of files using encrypted sparse disk images made with Disk Utility, or you can encrypt the entire hard drive with FileVault (in Mac OS X 10.7).  The keychain is a secure place to keep stuff as well, as long as you don't leave the computer unattended with the account logged in and the keychain unlocked.  Resetting your account password will NOT reset the keychain password, regardless of what some people will tell you.  (I've tested it.)


    Beyond that, just keep in mind good general security practices...  use good passwords, don't use the same password for everything, don't click links in e-mails, don't trust any web site that says it has "scanned your hard drive" and found viruses, be cautious what you do on open wireless networks, etc.


    If there's something left unanswered after all that, please ask!

  • thomas_r. Level 7 Level 7 (26,945 points)

    I'm not sure what the netbiosd stuff is, but those stealth mode connection attempts sound a lot scarier than they actually are.  Stealth mode connection attempts usually occur when a packet has taken too long to return and the computer has stopped listening for it.


    But, I really think using a firewall on a Mac is serious overkill except in very specific uses - like a Mac server that is constantly exposed to direct access from the internet and has a lot of services open.  There's no currently known way for a hacker without physical access to get access to your Mac out of the box, with no services open in System Preferences -> Sharing and with the firewall off.  And if you open up a service, you've got to poke a hole in the firewall anyway, or it won't work.  Really, just turn off the firewall, it's not helping you.


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.