Previous 1 2 3 Next 32 Replies Latest reply: Feb 10, 2008 10:53 AM by RacerX
xxxzombie Level 1 Level 1 (0 points)
i checked my history today after someone used my computer and MacSweeper was found in the history pane. it supposedly scans macs for viruses and it looks quite suspicious.

anyone know what this is?

macbook, Mac OS X (10.5.1), n/a
  • Apple Angel Level 1 Level 1 (0 points)
    Yes, I used it. Its cleaning tool for Mac, it cleans Universal Binaries, Language files, and some other trash. It also found some strange cookies. I saved more then 5Gb of disk space with it. They promised to release some "Most Wanted" features soon, i hope they will be useful
  • ec84 Level 1 Level 1 (0 points)
    the same thing has been happening to me. i don't know where it came from either but it started today, not too long ago. what happens to me is while i'm browsing whatever webpage i'm on gets automatically directed to this one:

    http://scanner.macsweeper.com/scan.php?landid=2&os=macos&depid=maxc%5Fclr07&cid= 2271&parid=mc%5F346586211

    it "scans" my machine and says its found bad cookies, that my privacy is at stake and what not. then a window pops up and asks me if i want to clear them. if i click on anything it'll try downloading the software.

    how do i get rid of this? it's really annoying. i don't want it and i'd wish it would leave me alone.
  • Apple Angel Level 1 Level 1 (0 points)
    Check what is your home page, strange reaction, this cannot be happening on MacOS. Check your history, perhaps you'll find something interesting there? I downloaded mine by searching some cleaning tool in Google.
  • ec84 Level 1 Level 1 (0 points)
    i didn't find anything in my history. my home page is google but i doubt that has anything to do with anything. i've discovered that these page redirections only occur when i visit a website i frequent. its a message board so i'm constantly clicking to read different threads. it hasn't happened in any other website i've visited. for now, i'm going to assume it's just that website.
  • Apple Angel Level 1 Level 1 (0 points)
    What site was that?
  • First Magus Level 6 Level 6 (15,850 points)
    Apple Angel wrote:
    Check what is your home page, strange reaction, this cannot be happening on MacOS. Check your history, perhaps you'll find something interesting there? I downloaded mine by searching some cleaning tool in Google.


    Yes it can, this is a web page redirect. It has nothing to do with the OS. This is common among the software companies like macsweeper that want you to think you have to have their software to protect you. Usually the software is more obtrusive and meaningless than the redirects.

    Mort
  • Anton Rang Level 1 Level 1 (70 points)
    It's an advertisement ... the web page is loading a JavaScript which is telling the browser to go to the advertising page. You can turn off JavaScript, but that will cause a lot of other web sites not to work. Or you can stop browsing to the web page with the malicious advertising code on it. (Friendster is one that's serving these up this week, but they're coming through some ad network.)

    To turn off JavaScript, go to Safari preferences, click on the Advanced tab, and turn it off. (You'll want to turn it back on eventually.)

    Message was edited by: Anton Rang
  • Jetreader Level 1 Level 1 (0 points)
    Would you say then that this is a good utility? The same thing happened to me as to "ec84" (and I don't even remember what site). I went ahead and downloaded the DMG, but I wanted to check around before I installed it.

    Jetreader



    "Yes, I used it. Its cleaning tool for Mac, it cleans Universal Binaries, Language files, and some other trash. It also found some strange cookies. I saved more then 5Gb of disk space with it. They promised to release some "Most Wanted" features soon, i hope they will be useful "
  • JoeyR Level 6 Level 6 (8,275 points)
    Quite frankly, I would NEVER use a utility from a company that uses these tactics. Anyone that goes to the site linked will get the same results. It's basically just playing a video... it's not an actual scan (a thorough scan would take much more than a few seconds). If you feel you need an antivirus program (most of us using Macs are comfortable without one), you should make sure it is from a reputable vendor. About the only way to get a virus or malware on your Mac is to install an application from a source you're not familiar with. I am not familiar with this product... but the simple fact that they try to trick people into thinking they have a problem is enough for me to have concern and to stay far away from it.
  • RacerX Level 2 Level 2 (170 points)
    According to the latest news on this, you want to avoid this "software" like the plague. It appears that this may be a malicious app that is being unleashed using scare tactics. The scans are a joke as are the results as it is flagging language files as being suspect of privacy concerns!?!?
  • gaberdine mac Level 1 Level 1 (30 points)
    This sounds like a Mac version of the infamous MalwareAlarm rogue software which uses clever web pages to trick you into downloading it. Though the rogue software is real, the online scan is not.

    http://discussions.apple.com/thread.jspa?messageID=6212617

    http://forums.macrumors.com/showthread.php?t=406930

    The MalwareAlarm scam works by browser redirection, starting with a legitimate site that has been hacked - as happened to 123greetings.com over Christmas and New Year. In that instance the web page runs a flash animation that only looks like a virus scan in operation - and claims to find malicious .exe files and Windows Trojans. If you don't run Windows XP you are unlikely to be fooled for long, though the browser alert that demands a response from the user is a bit alarming.

    http://forums.macrumors.com//showthread.php?p=4714181#post4714181 (scroll down for picture)

    Reports that even Windows users see the MacSweeper scan finding Mac files on their system pretty much confirm that this web page only appears to be running a scan. Personally, I don't believe the reports of drive-by downloads with no user intervention. The main thing is to click CANCEL when the alert window pops up and not hit RETURN which actually OKs the download.

    However, even when you click CANCEL, the *fake scanner webpage* may run an animation that looks like it is scanning you or downloading software or something. Don't be fooled by this - just close the page or quit your browser and make a cup of tea.

    Chances are, this is merely a combination of website hacking and social engineering. Once again: though the rogue software may be real, the online scan is not. If you never downloaded the software but keep getting redirected to the scanner page when visiting certain web page it almost certainly means those pages have been compromised, *not your Mac*...

    This is no biggie for alert Mac users; just pay attention to what you are doing online and warn webmasters when their page has been hacked to redirect you to the fake scanner page.

    Unless some dunderhead OK's the download I would say Mac users still have very little to worry about - Chillax!

    Message was edited by: gaberdine mac
  • Joe Co Level 1 Level 1 (130 points)
    You're pretty much right, but it DOES force the download, as there's no "cancel" button on the JavaScript alert (just an OK button).

    So the DMG file does download regardless, though Safari does give the "this download is an application, are you sure" warning/confirmation dialogue when it's downloaded.

    It still requires user interaction to install, and there is a warning about doing so, but it is still a worrying development that this sort of thing is now being seen targetting Macs.
  • SharonF Level 1 Level 1 (0 points)
    I'm a new-ish Mac user and was a long time Windows user. Based on that experience, I want to add something to this thread.

    Do not click on anything on that page except the red "close window" buttons.

    Clicking on anything else will cause a forced download (that's how the page author has programmed the clickable buttons within the page).

    Thankfully and due to the Mac OS X platform, the download shouldn't be able to install without the user initiating it. As an extra precaution, may want to turn off the Safari option to open downloaded files. Executable programs should fall outside the scope of the default setting (automatically open safe files) but it sure wouldn't hurt to change that setting.
Previous 1 2 3 Next