
AIM virus? "Virus-detection" popups in Safari?

Could it be, some sort of virus on my beloved macbook pro? Here is the story..

Last night when I logged into Adium, I received a message from "aim" claiming that I had some sort of friend request waiting for my approval, and someone wanted to list me in their profile. I hovered over the link and it went to the aim website, and curiosity always kills the cat.. I clicked. (Dumb, right?) Well, it did take me to the aim website and it was asking for my log in, so I closed.

Since then the same IM pops up every time I log on. I'm not sure if that has any affiliation with my next problem, but it could be useful information. I went to myspace.com, and I received a pop up saying something along the lines of "Malware/Spyware has been detected on your computer and you should resolve it by going to this website and downloading our anti-virus software." There was a URL at the top, not sure where it went to because it didn't matter. I canceled out because I had no other option, and it came up again. I canceled once more, and it came up again with only OK as the option. I tried force quitting Safari, and it didn't work at first. I received yet another pop up talking about slow script, asking if I wanted to continue to run it, and I said no, then hit apple alt esc and managed to close Safari.

Everything seems to be working fine in Firefox. Any suggestions as to how to get rid of whatever might be happening, or any information on what it is at all would be greatly appreciated, I am not sure where to start. I'll be the first to admit that I am a novice when it comes to this sort of thing. Thank you for your help. I will be happy to give any more information if needed.

Macbook Pro, Mac OS X (10.4.11)

Posted on Jan 31, 2009 1:54 PM

1 reply

Jan 31, 2009 3:01 PM in response to Kauri

Yes, sites like that (Adium, Facebook, YouTube) are notorious for being the prime sources of 'scareware' and malware, most of which is aimed at Windows users and extracting unnecessary money from them with pointless, worthless software. No malware can affect your Mac unless you allow it to install, which in most cases would require your root password.

In your case you may have acquired a 'tracker cookie' sending you to other sites than you intended.

To get rid of them you need MacScan:

The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.

SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:

http://macscan.securemac.com/

The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

(Note that a 30 day trial version of MacScan can be downloaded free of charge from:

http://macscan.securemac.com/buy/

and this can perform a complete scan of your entire hard disk. After 30 days the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:

http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

Also, beware of MacSweeper:

MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.

http://en.wikipedia.org/wiki/MacSweeper

On June 23, 2008 this news reached Mac users:

http://www.theregister.co.uk/2008/06/23/mac_trojan/

More information on Mac security can be found here:

http://macscan.securemac.com/

The MacScan application can be downloaded from here:

http://macscan.securemac.com/buy/

You can download a 30 day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.

More on Trojans on the Mac here:

http://www.technewsworld.com/story/63574.html?welcome=1214487119

The latest news on the subject, from July 25, 2008, is:

Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

Net security groups say there is anecdotal evidence that small scale attacks are already happening.

Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm

A further recent development is the Koobface malware that can be picked up from Facebook (already a notorious site for malware), as reported here on December 9, 2008:

http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm

There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
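The reply above describes a trojan that rewrites the Mac's DNS settings and keeps them rewritten. As an added example (not part of either post), this shell function lists configured resolvers that are not on an allowlist you supply; it assumes input in the format printed by `scutil --dns`, and the sample output and addresses below are constructed.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected allowlist.
# Input on stdin: text in the format printed by macOS `scutil --dns`.
# $1: space-separated resolver addresses you expect (router, ISP).

# Constructed sample of `scutil --dns` output; all addresses are placeholders.
SAMPLE_DNS='DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.9
  flags    : Request A records

resolver #2
  domain   : local
  nameserver[0] : 192.168.1.1
'

# Extract the unique nameserver addresses from scutil-style output on stdin.
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Print every resolver from stdin that is absent from the allowlist in $1.
# Returns 1 if at least one unexpected resolver was found, 0 otherwise.
unexpected_resolvers() {
    allow=" $1 "
    found=0
    for ns in $(list_nameservers); do
        case "$allow" in
            *" $ns "*) ;;                 # expected resolver, ignore
            *) echo "$ns"; found=1 ;;     # not on the allowlist, report it
        esac
    done
    return $found
}

# Demo on the constructed sample: only the router address is expected.
printf '%s\n' "$SAMPLE_DNS" | unexpected_resolvers "192.168.1.1" \
    || echo "^ resolver(s) above are not on the allowlist"
```

On a Mac, pipe the live configuration in with `scutil --dns | unexpected_resolvers "<your router's address>"`. Because the reply describes a watchdog that re-applies the change every minute, repeat the check a few minutes after correcting the settings.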
