Warning: Apple Security Center now on Yahoo Mail

Just a heads up: up until now, it seemed that this would appear mostly with Safari in Hotmail or Google Images - no more.....


They've now expanded into Firefox in an open Yahoo Mail Inbox session.


I had several tabs open - one of them my Yahoo Inbox; when I went back to it to check for new mail, there it was. I had to force quit FF (twice actually). I finally yanked the power cord from my modem so I could re-open FF without the offender trying to download something. Got rid of cookies and the always-used Yahoo sign-in.

iMac, Mac OS X (10.6.7), i3 12 GB RAM | 2 LaCie d2 Quadra |

Posted on May 28, 2011 10:20 AM

22 replies

May 28, 2011 10:32 AM in response to babowa

First, a note to those who might not be aware of this, Apple Security Center is something displayed on the web pages from which the MacDefender trojan variants* are downloaded.


Second, note that this has never been limited to Google Images and Hotmail or to Safari. It has always been possible to reach these sites in Firefox or any other browser, and I personally encountered the malware on other sites long before now. Google Images and Hotmail have been two of the biggest vectors, but one should not make the assumption that unasked-for redirects from any site are safe.


Also, note that the extreme measures you went to to prevent Firefox from downloading anything really aren't necessary. If the malware gets downloaded, it can't hurt you if you just throw it in the trash. Even if the installer starts up automatically, you can just quit the installer and throw it away, and you won't be infected with anything.


However, it's good to know that this has spread to Yahoo Mail. (Well, not good, maybe... it's useful to know.) Users of any of the other major web-based, ad-supported e-mail systems should also be especially cautious.


* Disclaimer: links to my pages may give me compensation, and should not be taken as endorsement of my services by Apple.

May 28, 2011 10:48 AM in response to WZZZ

Was Tabnabbing involved?


Truthfully, I don't know; I wasn't even looking at the address bar - I was moving the cursor from the ASC tab to my Yahoo Inbox tab (which is always the first one) and the security center page was there. The problem after that was that FF wanted to be good and re-opened the same window and I did not want it to go any further. So, since I could not do anything except either allow it to proceed or force quit, I force quit (at that point, nothing else was available - no tabs, no file menu except under FF). I then figured it wouldn't hurt to reset my modem anyway, so I yanked the power cord. I then opened FF, got the "well, this is embarrassing, but FF will try to re-open the window....." I unchecked those; I then deleted all Yahoo cookies and any others I didn't recognize; also zapped history and cache. Then I went back online and re-opened Firefox.

May 28, 2011 11:42 AM in response to WZZZ

Was Tabnabbing involved?


Amendment to my first reply:


Thinking about it, it could have been because:


When I got the window about FF wanting to reopen with all tabs, Yahoo Mail was missing; I had the ASC, another web based email, and, in the first spot, was the offender with an IP address starting with 178.x.x


I'm an idiot because I should have done a screenshot of that window, but I was so focused on getting rid of it that I didn't think about it. Since I opted not to re-open, but then quit FF the normal way, there is no way for me to retrieve that, is there? I looked but couldn't see anything under tools (the only things listed were current things, not from a previous session).


The bad thing was the vicious cycle of it taking over and re-appearing even though I force quit FF while none of the usual options such as the regular FF menu bar were available - they did not even show.

May 28, 2011 3:30 PM in response to babowa

I was logged into MyYahoo....just at MyYahoo page (wasn't even checking the mail) and I clicked on a news article link about Measles....I left the room, came back and another tab was open (using Firefox)-- took a screenshot (it's below). I force quit Firefox, then it asked me if I wanted to leave the page, and I clicked okay.....and it force quit. As far as I know nothing got downloaded.


User uploaded file

May 28, 2011 4:11 PM in response to coffeetime

Since I failed to take a screenshot of mine (which looked pretty much like yours), would you send that as an email attachment to Yahoo? I'm not sure, but it seems to me if we were able to show them the re-direct IP address (178.x.x), they may be able to backtrace it to see which of their IP addresses got hacked/taken over/or whatever it is the crooks did. And then they could block it?

May 28, 2011 6:20 PM in response to etresoft

Thanks, but I wasn't freaking - I'm simply allergic to trojans. 😠 😀 And I wanted to see if there was a way to stop it without allowing it to download. When I couldn't find a way, I decided the quickest way was to allow FF to reset, but I had to get offline; since my new modem no longer has an on/off or standby button, I yanked the cord. That is no big deal - according to Comcast, I am supposed to reset the modem about once a month or so anyway. I don't use Safari; there is no auto open option in Firefox (as far as I know - unless I missed some setting in Preferences).
