Skip navigation

Safari warning message on main screen, question

4687 Views 22 Replies Latest reply: Dec 9, 2012 12:02 AM by DrDinTN RSS
1 2 Previous Next
powerbook1701 Level 3 Level 3 (545 points)
Currently Being Moderated
Oct 10, 2010 1:27 PM
Ok, I have seen the warning pop up message with red bars that says "warning, this site is suspected...". Today, I saw a new one with either cancel or ok. I hit cancel thinking it would not the page. But, the page loaded anyway (probably should have hit ok instead). Honestly, I knew something was wrong so I closed the page as fast as possbile. I reset Safari with all boxes checkmarked.
I was going a google search on "outside double spotlight repair" or something like that and clicked on one of the resulting pages.
As I understand it, there really is NO virus or spyware out there for macs. Also, one must actually install the offending virus or spyware and enter password to actually put it on a mac. And lastly, Mac OS has a limited AV built in, so, bottom line..I should be ok??

With the exception of iTunes, all is up to date, including Flash Player.

Message was edited by: powerbook1701
MBP 15-inch 2.66 GHz Intel Core i7 / 4GB SDRAM / AG Screen (Mid 2010), Mac OS X (10.6.4), iPhone 3GS (32GB), AEBS DB II (Late 2009), Apple Wired Keyboard/Mouse, ClamXav
  • andyBall_uk Level 6 Level 6 (17,440 points)
    so, bottom line..I should be ok??


    Yes

    If you downloaded some 'security' software from them, or a marvellous new 'video codec', then entered a password... probably not.
  • Klaus1 Level 8 Level 8 (43,300 points)
    That warning is from Google’s Safe Browsing Initiative and forms part of the Anti-Phishing security feature of Safari.

    How the Anti-Phishing feature of Safari 3.2 onwards works:

    http://www.macworld.com/article/137094/2008/11/safarisafebrowsing.html
    20" 2.1GHz iSight iMac G5,, Mac OS X (10.5.8), iLife 9 but iMovie 6, QTPro 7.6.6, Safari 5.0.2
  • andyBall_uk Level 6 Level 6 (17,440 points)
    Currently Being Moderated
    Oct 10, 2010 3:25 PM (in response to Klaus1)
    pb1701 said it wasn't the usual one
    which you can see at
    /Applications/Safari.app/Contents/Resources/PhishingAlert.html


    just paste that into safari address bar.
  • ~Bee Level 7 Level 7 (30,565 points)
    PB --
    So did it look like this?
    Screen shot 2010-05-03 at 3.22.50 PM-2
    15" MBP; 20"iMac Duo; 12 PB G4; mini; and a few more., Mac OS X (10.6.4), LaCie Ext. HD
  • Klaus1 Level 8 Level 8 (43,300 points)
    They wanted you to download something, but you didn't so you are OK.

    For future reference:

    Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.

    Fake anti-virus software that infect PCs with malicious code are a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software.

    Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.
    Once installed, the software may steal data or force people to make a payment to register the fake product.
    Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009.:

    http://www.computerworld.com/s/article/9157438/RoguePDFs_account_for_80_of_all_exploits_saysresearcher

    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.

    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger and Leopard from (on no account install Norton Anti-Virus on a Mac running OS X):

    http://www.clamxav.com/

    The new version for Snow Leopard is available here:

    http://www.clamxav.com/index.php?page=v2beta

    (Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.)

    If you are already using ClamXav: please ensure that you have installed Apple Security Update 2010-005 and that your version of ClamXav is the latest available.

    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.

    You can read more about how, for example, the OSX/DNSChanger Trojan works here:

    http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:

    http://macscan.securemac.com/

    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:

    http://macscan.securemac.com/buy/

    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:

    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

    Also, beware of MacSweeper:

    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008

    http://en.wikipedia.org/wiki/MacSweeper

    On June 23, 2008 this news reached Mac users:

    http://www.theregister.co.uk/2008/06/23/mac_trojan/

    More on Trojans on the Mac here:

    http://www.technewsworld.com/story/63574.html?welcome=1214487119

    This was published on July 25, 2008:

    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

    Net security groups say there is anecdotal evidence that small scale attacks are already happening.

    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm

    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter etc), as reported here on December 9, 2008:

    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm

    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:

    http://www.securemac.com/

    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:

    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of- the-problem/

    As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:

    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613

    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.

    2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers: http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bund led-with-spyware/6560?tag=nl.e589

    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.

    4. Use Mac OS X's built-in Firewalls and other security features.

    5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications and download torrents) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking: http://news.bbc.co.uk/1/hi/technology/8420233.stm

    6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:

    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg

    Also, there is the potential for having your entire email contact list stolen for use for spamming:

    http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1

    NOTE: Snow Leopard, OS 10.6.x, offers additional security to that of previous versions of OS X, but not to the extent that you should ignore the foregoing:

    http://www.apple.com/macosx/security/

    Apple's 10.6.4 operating system upgrade silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.

    http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates

    Finally, do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.

    And if you are using iPhone Apps you are also at risk of losing all privacy:

    http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-tra nsmit-udid-pose-se/
    20" 2.1GHz iSight iMac G5,, Mac OS X (10.5.8), iLife 9 but iMovie 6, QTPro 7.6.6, Safari 5.0.2
  • andyBall_uk Level 6 Level 6 (17,440 points)
    powerbook1701 wrote:
    Besides the normal red colored pop up warning message, what other warnings can Safari produce of that nature? Besides plugins not found, etc..?? What about the one for location?


    There's a small selection of html 'error' pages within the Safari bundle, no individual location one afaict. With the OK/cancel buttons it may have been a genuine location services alert
    The website “xyz” would like to use your current location or yes, potentially (as with most any website) a malicious javascript-based popup.
  • Klaus1 Level 8 Level 8 (43,300 points)
    Thanks PW, yes I keep it updated as and when I become aware of relevant developments.

    In fact I added this today:

    The advent of HTML5 may also be a future threat to internet privacy:

    http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp

    My little (but growing) essay is available as a User Tip but that has not itself been updated for a while, and as nobody ever reads those anyway I prefer to post when necessary!
    20" 2.1GHz iSight iMac G5,, Mac OS X (10.5.8), iLife 9 but iMovie 6, QTPro 7.6.6, Safari 5.0.2
1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.