virus stealing credit card information - how to check for?

My Credit Card number has been stolen twice in the last six months. The credit card company said I should check my computer (MacBook Pro) for viruses. How do I go about doing that? I never allow autofill to remember my credit card number.


thanks,


n

MacBook Pro, Mac OS X (10.5.8)

Posted on Oct 24, 2011 7:50 AM


Oct 24, 2011 9:14 AM in response to nielsfrommadison

Firstly, what browser do you use? Could you give information about your running browser: copy the information from the "Open Files and Ports" tab in "Activity Monitor" after double-clicking on your browser process (e.g. Safari). Additionally, run these 3 commands in Terminal, which give more info about your installed components:

kextstat -kl | awk ' !/apple/ { print $6 $7 } '

launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '

ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null

Oct 24, 2011 9:54 AM in response to nielsfrommadison

No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.


It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger from:


http://www.clamxav.com/download.php#tiger


and for Leopard, Snow Leopard and Lion from here:


http://www.clamxav.com/


Note: If you wish to uninstall ClamXav: keep a copy of the disk image from when you downloaded it, or download it again - the uninstaller is included with the application. To uninstall, quit ClamXav Sentry (if you use it) and make sure it's not set to launch at log in. The uninstaller will remove the engine and any schedules you've got set up, then just drag ClamXav.app to the trash.


If you are already using ClamXav: please ensure that you have installed all recent Apple Security Updates and that your version of ClamXav is the latest available.

Oct 24, 2011 1:49 PM in response to nielsfrommadison

Chrome - that's very interesting. I'll try to explain more clearly. "Activity Monitor" is a tool; you can find it in Applications->Utilities->Activity Monitor. Just launch it and find "Google Chrome", then double-click it and in the new window choose the "Open Files and Ports" tab and copy all the strings. "Terminal" is also available from Utilities. After launching it you will see a white window where you should paste the commands one by one, i.e. copy


launchctl list | sed 1d | awk ' !/0x|apple|edu\.|org\./ { print $3 } '


and paste it, then press Enter, and so on. Sorry to bother you, but I want to find something interesting. One more question: recently, did you download any torrents or maybe install strange programs?

Oct 24, 2011 2:41 PM in response to lytic

lytic wrote:


Klaus1 wrote:


No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.


You are incompetent in this matter. Did you hear about form-grabbing? For your information, there is at least one backdoor which can do it under Mac OS X.

Can you please provide a link or other evidence of a successful virus attack against OS X?


I think you are confusing viruses with trojans and other malware. They are not the same. The internet is not a safe place. Here is some further guidance:


FAKE ANTI-VIRUS SOFTWARE and associated MALWARE


Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.


Fake anti-virus software that infect PCs with malicious code are a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software.


Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.

Once installed, the software may steal data or force people to make a payment to register the fake product.

Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009:


http://www.computerworld.com/s/article/9157438/in which Rogue_PDFs_account_for_80_of_all_exploits_says_researcher


TROJANS and RE-DIRECTION TO FAKE WEBSITES


The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.


If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.


You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:


http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml


SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:


http://macscan.securemac.com/


First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - macsec@securemac.com


The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.


(Note that a 30 day trial version of MacScan can be downloaded free of charge from:


http://macscan.securemac.com/buy/


and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)


A white paper was published on the subject of Trojans by SubRosaSoft, available here:


http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_general_info&cPath=11&products_id=174


Also, beware of MacSweeper:


MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008.


http://en.wikipedia.org/wiki/MacSweeper


On June 23, 2008 this news reached Mac users:


http://www.theregister.co.uk/2008/06/23/mac_trojan/


More on Trojans on the Mac here:


http://www.technewsworld.com/story/63574.html?welcome=1214487119


This was published on July 25, 2008:


Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.


The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.


Net security groups say there is anecdotal evidence that small scale attacks are already happening.


Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm


A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter and MySpace etc), as reported here on December 9, 2008:


http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm


As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:


http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613


You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:


http://www.securemac.com/


HOW TO AVOID RE-DIRECTION


Adding Open DNS codes to your Network Preferences should give good results in terms of added security as well as speed-up:


If you are using a single computer: Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:


208.67.222.222

208.67.220.220


(You can also enter them if you click on Advanced and then DNS)


Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:


http://support.apple.com/kb/TS2296


If your computer is part of a network: please refer to this page: http://www.opendns.com/start/best_practices/#your_network and follow the advice given.


There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!


WHAT TO DO IF YOU THINK YOUR MAC HAS BECOME 'INFECTED'


If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:


http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/


Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.

1. Avoid going to suspect and untrusted Web sites, especially pornography sites.


2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers: http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589


3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.


4. Use Mac OS X's built-in Firewalls and other security features.


5. LimeWire (now defunct) and other peer-to-peer sharing applications and download torrents supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking: http://news.bbc.co.uk/1/hi/technology/8420233.stm


6. Resist the temptation to download pirated software. After the release of iWork '09, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan were downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:


http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg


YOUR PRIVACY ON THE INTERNET and the latest risks to look out for


There is the potential for having your entire email contact list stolen for use for spamming:


http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1


Apple's Snow Leopard and Lion operating systems silently update the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook: Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.

Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate. However, a new version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. In order to prevent a potential infection with “Flashback” Trojans, Mac users are advised to obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet.


http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates


And if you are using iPhone Apps you are also at risk of losing all privacy:


http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/


The advent of HTML5 may also be a future threat to internet privacy:


http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp


Security of OS X generally:


http://www.apple.com/macosx/security/


http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf


Security Configuration for Version 10.5 Leopard:


http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf


Snow Leopard 10.6 and Lion 10.7 include other forms of malware protection.
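
A check for the DNS re-direction described in the post above, as an added example that is not part of the original post: it lists every resolver in `scutil --dns`-style output that is not one of the two OpenDNS addresses the post gives. The function names and the sample output are constructed for illustration; 192.0.2.53 is a documentation-range address standing in for an unexpected resolver.

```shell
#!/bin/sh
# Expected resolvers: the two OpenDNS addresses quoted in the post.
EXPECTED_DNS="208.67.222.222 208.67.220.220"

# Constructed sample shaped like `scutil --dns` output (not real data).
# 192.0.2.53 is a placeholder for a resolver nobody configured on purpose.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.0.2.53
  flags    : Request A records

resolver #2
  domain   : local
  nameserver[0] : 208.67.220.220
EOF
}

# Read scutil-style text on stdin and print each distinct nameserver that
# is not in the space-separated allowlist passed as $1.
unexpected_dns() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            ip = $NF
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Exit status 0 when every resolver on stdin is expected, 1 otherwise.
dns_is_clean() {
    [ -z "$(unexpected_dns "$1")" ]
}

# On a Mac, feed it live data: scutil --dns | unexpected_dns "$EXPECTED_DNS"
sample_scutil_output | unexpected_dns "$EXPECTED_DNS"
```

Because the post describes a watchdog that re-applies the change every minute, a resolver that reappears after being corrected in Network Preferences is the signal to look for.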

Oct 24, 2011 11:22 PM in response to nielsfrommadison

nielsfrommadison wrote:


My Credit Card number has been stolen twice in the last six months. The credit card company said I should check my computer (MacBook pro) for viruses. How do I go about doing that. I never allow autofill to remember my credit card number.

Autofill is certainly one way this could have happened. I know you said you don't allow it to be remembered, but it's not that hard to accidentally push that button and once it's there.... I don't know of any confirmed use of this hack to do such things, but worth the read Safari AutoFill Hack Lives. I don't believe Apple ever did anything to fix or minimize this one, so best to turn off autofill completely.


Texas Mac Man suggested a more plausible explanation. Make sure you are using a secure connection (https or VPN) every time you enter sensitive information using public WiFi on a web page. Google FireSheep.

Oct 25, 2011 7:00 AM in response to nielsfrommadison

In addition to the suggestions already made, you should also consider the possibility it has nothing to do with your computer and you have been unlucky. Credit card #s are handled not only by the on-line retail store where you are making your purchase (and from which they can be stolen), but also by third party credit card processors from which they can be stolen also. Not that long ago, even Citibank was the victim of a huge heist of numbers.


Credit card purchases made in brick and mortar stores, as well, are also handled by third party processors and transmitted on-line, and banks have routinely had their data bases hacked. Not what we have been discussing, but I will never do on-line banking.


Look into setting up virtual numbers with your CC.


If it is local to your computer and if it's a browser exploit, Firefox with the Add-on NoScript will prevent a number of ways by which numbers might be lifted.


http://noscript.net/features

Oct 25, 2011 7:50 AM in response to WZZZ

Get the WOT Add-on for Firefox and Safari to check trustworthiness of sites.


And, if all that isn't bad enough, SSL (https) has been exposed as vulnerable through MITM (man-in-the-middle) and other exploits and there have recently been several severe thefts of SSL certificates.


There's more; it goes on and on.


http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
