This downloaded (quickly) without any prompting by me while I was using Safari. I immediately updated my software and trashed the file. Anyone know what this is?
hey, folks... there is a parallel thread "Mysterious Downloads on 4.0.3" in the Safari for Mac discussion forum about
similar happenings through the USA Today site (most of the posts were from August through 9/11). I'm not tech savvy enough to interpret the posts to determine whether it's the
same issue. Most recent posts there say that Apple is working on a patch... Any wisdom out there on what, if anything, we should be doing?
i'm new to all this and this is probably an obvious question... has my mac been infected by this thing if it popped up (protection-check07.com from the NYT page)? i cancelled, clicked out of it, and restarted my computer. is there anything else i should do? or am i ok?
Same problem as the rest: reading a NYT article and the pop-up comes, & any click starts it. Tried to quit safari as fast as I could, but still ended up with the scanner.exe file downloaded (from the sex-and-the-city url). Moved it to the trash & when I tried to empty the trash, my back-up drive starts going nuts. Stopped empty trash, & don't know what to do now!
Found this post from today on another thread on this problem. For what it is worth. LR
================
I just spoke with a customer representative at the main New York Times office in New York. They are aware of the problem and their IT folks are working to resolve the attack on their website. I asked if NYT would please post something on their main page to communicate about this issue with their readers, and the individual I spoke with assured me that they would do that.
The New York Times Company
620 Eighth Avenue
New York, NY 10018
General Inquiries:
(212) 556-1234
I asked to speak with "security" and was eventually transferred to customer relations.
We experienced the same problem with //protection-check07.com this morning on the International Herald Tribune website. This site is the international arm of NY Times. Using "Force Quit" from the Apple menu is probably the safest exit path when a suspicious pop-up window appears.
I checked the internet "cookies" list via Safari>Preferences then clicking the "Security" tab then clicking "Show Cookies". I entered "sex" in the search line and found a cookie identified as follows: Website| sex-and-the-city.cn; Name| go; Path| /; Expires| September 14, 2009 7:30AM; Contents| 1. Wonder why it expires in 24 hours? We had changed the Safari preferences regarding cookies to "Accept Always" to allow us to register on a legitimate site, but forgot to change the setting back to "Only from sites I visit". I would be interested to hear if anyone else using the cookie setting of "Only from sites I visit" has the telltale cookie. This would help us understand further how successful the intrusion may have been.
Yes, I see that I have this cookie in my Safari Preferences, too. Interestingly I have always had "Only accept cookies from sites I have visited" checked ON. At no point have I clicked anything except the "cancel" button on any of these popups. I wonder if they are spoofing "cancel" so that it is really some sort of "accept" button? Otherwise, why does safari allow the site to write the cookie?
I'm not much of a techie. I had "only accept cookies from sites I've visited" checked, yet found this one on my mac. I imagine deleting it is the only thing to do.
The page my wife saw has green progress bar as it "scans" your hard drive. This is fake, it is showing a fake list of Windows files. However, if you get the .exe file downloaded to your machine (which is real), just delete it, even though it is not dangerous to your mac.