Previous 1 2 3 4 Next 53 Replies Latest reply: Sep 16, 2009 6:56 AM by LarsRaggio Go to original post
  • fposte Level 1 Level 1 (0 points)
    Dunno if you're splitting hairs on trojans vs. viruses or not, but there is indeed malicious code written for Mac. Have a look at the securemac.com site for info on recent trojans. (They were also historically susceptible to Word macros viruses, but those were just cross-platform, not specifically written for Mac.)

    As far as prevention, Firefox has a NoScript add-on that limits script execution to whitelisted domains. I'm too lazy to whitelist all the necessaries to use it, so until hijacking from usually reliable places becomes a bigger problem, I'll rely on fast fingers and a slow connection.
  • jackbrd Level 1 Level 1 (0 points)
    hey, folks... there is a parallel thread "Mysterious Downloads on 4.0.3" in the Safari for Mac discussion forum about similar happenings through the USA Today site (most of the posts were from August through 9/11). I'm not tech savvy enough to interpret the posts to determine whether it's the same issue. Most recent posts there say that Apple is working on a patch... Any wisdom out there on what, if anything, we should be doing?

    Message was edited by: jackbrd
  • lizaries13 Level 1 Level 1 (0 points)
    i'm new to all this and this is probably an obvious question... has my mac been infected by this thing if it popped up (protection-check07.com from the NYT page)? i cancelled, clicked out of it, and restarted my computer. is there anything else i should do? or am i ok?
  • smh3 Level 1 Level 1 (0 points)
    Same problem as the rest: reading a NYT article and the pop-up comes, & any click starts it. Tried to quit safari as fast as I could, but still ended up with the scanner.exe file downloaded (from the sex-and-the-city url). Moved it to the trash & when I tried to empty the trash, my back-up drive starts going nuts. Stopped empty trash, & don't know what to do now!
  • DrSam Level 1 Level 1 (0 points)
    WARNING: Clicking on those links above will take you to the malware site lock up your browser.

    PLEASE PEOPLE, no need to post a direct, active link to the malware site in question.

    Glad to see that everyone's experience here corroborates this as a possible problem from nytimes.com

    My guess is that our Macs are safe. I've emailed the the nytimes.com addresses that I could find, with a description of the problem. We'll see!

    -sm
  • LarsRaggio Level 1 Level 1 (10 points)
    SM
    I am sure you will post any replies from NYTimes? Also anyone hearing about a Mac patch for this too. Thanks.
    LR
  • LarsRaggio Level 1 Level 1 (10 points)
    Found this post from today on another thread on this problem. For what it is worth. LR
    ================
    I just spoke with a customer representative at the main New York Times office in New York. They are aware of the problem and their IT folks are working to resolve the attack on their website. I asked if NYT would please post something on their main page to communicate about this issue with their readers, and the individual I spoke with assured me that they would do that.

    The New York Times Company
    620 Eighth Avenue
    New York, NY 10018
    General Inquiries:
    (212) 556-1234

    I asked to speak with "security" and was eventually transferred to customer relations.
  • worldwyn Level 1 Level 1 (25 points)
    We experienced the same problem with //protection-check07.com this morning on the International Herald Tribune website. This site is the international arm of NY Times. Using "Force Quit" from the Apple menu is probably the safest exit path when a suspicious pop-up window appears.

    I checked the internet "cookies" list via Safari>Preferences then clicking the "Security" tab then clicking "Show Cookies". I entered "sex" in the search line and found a cookie identified as follows: Website| sex-and-the-city.cn; Name| go; Path| /; Expires| September 14, 2009 7:30AM; Contents| 1. Wonder why it expires in 24 hours? We had changed the Safari preferences regarding cookies to "Accept Always" to allow us to register on a legitimate site, but forgot to change the setting back to "Only from sites I visit". I would be interested to hear if anyone else using the cookie setting of "Only from sites I visit" has the telltale cookie. This would help us understand further how successful the intrusion may have been.
  • smh3 Level 1 Level 1 (0 points)
    I checked my cookies - setting was "only from sites..." and the cookie was there...
  • David Clayton1 Level 1 Level 1 (65 points)
    Yes, I see that I have this cookie in my Safari Preferences, too. Interestingly I have always had "Only accept cookies from sites I have visited" checked ON. At no point have I clicked anything except the "cancel" button on any of these popups. I wonder if they are spoofing "cancel" so that it is really some sort of "accept" button? Otherwise, why does safari allow the site to write the cookie?
  • Barbara Brundage Level 7 Level 7 (22,075 points)
    I wonder if they are spoofing "cancel"


    Yes, these popups always do that. NEVER click any button in those windows.
  • David Clayton1 Level 1 Level 1 (65 points)
    it's diabolical because the popup has the Safari icon and looks at a glance like a bona fide notification.
  • Anthony Russo Level 1 Level 1 (0 points)
    I'm not much of a techie. I had "only accept cookies from sites I've visited" checked, yet found this one on my mac. I imagine deleting it is the only thing to do.
  • Terrence Harvey Level 1 Level 1 (5 points)
    The page my wife saw has green progress bar as it "scans" your hard drive. This is fake, it is showing a fake list of Windows files. However, if you get the .exe file downloaded to your machine (which is real), just delete it, even though it is not dangerous to your mac.