This discussion is archived
12340 Views 53 Replies Latest reply: Sep 16, 2009 6:56 AM by LarsRaggio
Currently Being ModeratedSep 13, 2009 8:41 AM (in response to Tumbleweed666)Dunno if you're splitting hairs on trojans vs. viruses or not, but there is indeed malicious code written for Mac. Have a look at the securemac.com site for info on recent trojans. (They were also historically susceptible to Word macros viruses, but those were just cross-platform, not specifically written for Mac.)
As far as prevention, Firefox has a NoScript add-on that limits script execution to whitelisted domains. I'm too lazy to whitelist all the necessaries to use it, so until hijacking from usually reliable places becomes a bigger problem, I'll rely on fast fingers and a slow connection.MacBook, Mac OS X (10.5.8)
hey, folks... there is a parallel thread "Mysterious Downloads on 4.0.3" in the Safari for Mac discussion forum about similar happenings through the USA Today site (most of the posts were from August through 9/11). I'm not tech savvy enough to interpret the posts to determine whether it's the same issue. Most recent posts there say that Apple is working on a patch... Any wisdom out there on what, if anything, we should be doing?
Message was edited by: jackbrdApple MacBook Pro, Mac OS X (10.5.8)
i'm new to all this and this is probably an obvious question... has my mac been infected by this thing if it popped up (protection-check07.com from the NYT page)? i cancelled, clicked out of it, and restarted my computer. is there anything else i should do? or am i ok?macbook, Mac OS X (10.5.7)
Same problem as the rest: reading a NYT article and the pop-up comes, & any click starts it. Tried to quit safari as fast as I could, but still ended up with the scanner.exe file downloaded (from the sex-and-the-city url). Moved it to the trash & when I tried to empty the trash, my back-up drive starts going nuts. Stopped empty trash, & don't know what to do now!iMac, Mac OS X (10.4.10)
Currently Being ModeratedSep 13, 2009 9:18 AM (in response to David M Brewer)http://protection-check07.com/1/?sess=%3Dm2y9jDxMiZpcD03MC4xMTQuMjAxLjExNSZ0aW1l PTEyNTU4MUcMNQkN
http://sex-and-the-city.cn/go.php?id=2015&key=ace6725ec&p=1MacBook Air, Mac OS X (10.6)
Currently Being ModeratedSep 13, 2009 9:31 AM (in response to maelstrom_mac_com)WARNING: Clicking on those links above will take you to the malware site lock up your browser.
PLEASE PEOPLE, no need to post a direct, active link to the malware site in question.
Glad to see that everyone's experience here corroborates this as a possible problem from nytimes.com
My guess is that our Macs are safe. I've emailed the the nytimes.com addresses that I could find, with a description of the problem. We'll see!
-smMac OS X (10.6)
Currently Being ModeratedSep 13, 2009 10:04 AM (in response to LarsRaggio)Found this post from today on another thread on this problem. For what it is worth. LR
I just spoke with a customer representative at the main New York Times office in New York. They are aware of the problem and their IT folks are working to resolve the attack on their website. I asked if NYT would please post something on their main page to communicate about this issue with their readers, and the individual I spoke with assured me that they would do that.
The New York Times Company
620 Eighth Avenue
New York, NY 10018
I asked to speak with "security" and was eventually transferred to customer relations.20" iMac Intel Core 2 Duo 2.4 GH, Mac OS X (10.6)
Currently Being ModeratedSep 13, 2009 10:45 AM (in response to LarsRaggio)We experienced the same problem with //protection-check07.com this morning on the International Herald Tribune website. This site is the international arm of NY Times. Using "Force Quit" from the Apple menu is probably the safest exit path when a suspicious pop-up window appears.
I checked the internet "cookies" list via Safari>Preferences then clicking the "Security" tab then clicking "Show Cookies". I entered "sex" in the search line and found a cookie identified as follows: Website| sex-and-the-city.cn; Name| go; Path| /; Expires| September 14, 2009 7:30AM; Contents| 1. Wonder why it expires in 24 hours? We had changed the Safari preferences regarding cookies to "Accept Always" to allow us to register on a legitimate site, but forgot to change the setting back to "Only from sites I visit". I would be interested to hear if anyone else using the cookie setting of "Only from sites I visit" has the telltale cookie. This would help us understand further how successful the intrusion may have been.PowerMac G4, Mac OS X (10.4.11)
Currently Being ModeratedSep 13, 2009 11:05 AM (in response to worldwyn)Yes, I see that I have this cookie in my Safari Preferences, too. Interestingly I have always had "Only accept cookies from sites I have visited" checked ON. At no point have I clicked anything except the "cancel" button on any of these popups. I wonder if they are spoofing "cancel" so that it is really some sort of "accept" button? Otherwise, why does safari allow the site to write the cookie?Mac OS X (10.2.x)
Currently Being ModeratedSep 13, 2009 11:09 AM (in response to David Clayton1)
I wonder if they are spoofing "cancel"
Yes, these popups always do that. NEVER click any button in those windows.iMac C2D 2.16, iMac G5 2.1, flat panel imac 700, ibook G4 1G, Performa 6116CD, Mac OS X (10.5.8)
Currently Being ModeratedSep 13, 2009 11:53 AM (in response to Barbara Brundage)I'm not much of a techie. I had "only accept cookies from sites I've visited" checked, yet found this one on my mac. I imagine deleting it is the only thing to do.2.4 GHz Intel Core Duo, Mac OS X (10.6)
Currently Being ModeratedSep 13, 2009 12:02 PM (in response to Anthony Russo)The page my wife saw has green progress bar as it "scans" your hard drive. This is fake, it is showing a fake list of Windows files. However, if you get the .exe file downloaded to your machine (which is real), just delete it, even though it is not dangerous to your mac.powerbook dual intel, Mac OS X (10.5.8)