Apple Mac users being targeted in new Malware Attack.

OP
Gromett
Feb 27, 2011
14,669
74,861
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
PS: it is possible to protect yourself from this mistake by using dnsmasq on a Mac to set a wildcard to point all .om domains to 127.0.0.1
This would mean if you went to one by mistake it would be routed back to your own computer and you would just get a page not found message.

I can't advise on how to set this up as I don't have a Mac sorry. But it would be worth doing if you can.
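
The dnsmasq wildcard described in the post above, sketched as a staging script (an added example, not part of the original post). The Homebrew-style path /usr/local/etc/dnsmasq.d with conf-dir enabled is an assumption, and is_sinkholed is a hypothetical helper that only mirrors the suffix rule locally; it does not query dnsmasq.

```shell
#!/bin/sh
# Sinkhole the whole .om TLD with dnsmasq on macOS (added example).
# Assumed layout: dnsmasq loads *.conf from /usr/local/etc/dnsmasq.d
# (Homebrew-style, conf-dir enabled). Adjust to your install.
TLD="om"
SINK4="127.0.0.1"
SINK6="::1"

# Write both files under a root directory. Use a scratch directory to
# review the result first; an empty root ("") writes the live paths.
write_sinkhole() {
    root="$1"
    conf_dir="$root/usr/local/etc/dnsmasq.d"
    resolver_dir="$root/etc/resolver"
    mkdir -p "$conf_dir" "$resolver_dir" || return 1
    # address=/om/<ip> answers for "om" and every name beneath it.
    printf 'address=/%s/%s\naddress=/%s/%s\n' \
        "$TLD" "$SINK4" "$TLD" "$SINK6" \
        > "$conf_dir/sinkhole-$TLD.conf" || return 1
    # macOS per-domain resolver file: only .om lookups go to dnsmasq.
    printf 'nameserver %s\n' "$SINK4" > "$resolver_dir/$TLD"
}

# Hypothetical helper: would the staged rule cover this hostname?
# Mirrors dnsmasq's suffix matching; case and a trailing dot are ignored.
is_sinkholed() {
    root="$1"
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    name=${name%.}
    conf="$root/usr/local/etc/dnsmasq.d/sinkhole-$TLD.conf"
    [ -f "$conf" ] || return 1
    case "$name" in
        "$TLD"|*."$TLD") grep -q "^address=/$TLD/" "$conf" ;;
        *) return 1 ;;
    esac
}

# Stage for review with: sh sinkhole.sh --stage /tmp/om-sinkhole
if [ "${1:-}" = "--stage" ] && [ -n "${2:-}" ]; then
    write_sinkhole "$2"
fi
```

Every legitimate site under .om (Oman's country-code domain) becomes unreachable as well, so this suits machines that never need one.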
 

Allanm

Free Member
Jun 30, 2013
5,431
9,191
Cotes d'armor, France
Funster No
26,730
MH
Burstner Harmony TI 736 G
Exp
Since 1987
PS: it is possible to protect yourself from this mistake by using dnsmasq on a Mac to set a wildcard to point all .om domains to 127.0.0.1
This would mean if you went to one by mistake it would be routed back to your own computer and you would just get a page not found message.

I can't advise on how to set this up as I don't have a Mac sorry. But it would be worth doing if you can.
Thanks, might have a look at that, sometimes my Mother in law uses my Macbook, and her typing isn't very logical at times....
 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
My Avast picked this up a couple of weeks ago and wouldn't let me open it even if I was stupid enough to try!

No one should attempt to download any software, other than from a trusted website, on any type of machine, Windows, Mac, Android or Linux!

If your Mac's security setup is default, it won't let you open any .dmg files that are not from a recognised safe source!
 

DuxDeluxe

LIFE MEMBER
Jul 10, 2008
14,627
72,221
Planet Zog
Funster No
3,243
MH
A woosh bang van
Exp
since 2008
My Avast picked this up a couple of weeks ago and wouldn't let me open it even if I was stupid enough to try!

No one should attempt to download any software, other than from a trusted website, on any type of machine, Windows, Mac, Android or Linux!

If your Mac's security setup is default, it won't let you open any .dmg files that are not from a recognised safe source!
I use avast on my Mac as well, and a VPN. Didn't know that last bit, though - security is default so should be ok


 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
I use avast on my Mac as well, and a VPN. Didn't know that last bit, though - security is default so should be ok

Here in System Preferences
Screen Shot 2016-03-15 at 09.56.39.png


Default will probably be App Store only,
 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
I came across this fake Flash download, but not by typing .om; in fact I've tried the .om websites in the article and most won't load and revert to .com. gmail.om did open, but to some website that was to do with parking, I think.


 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
I thought Apple didn't have virus mail-ware problems.....:)

If you use a Mac as 99% of users do, you will not encounter any, unlike Microsoft users.
However if you override your built in security and download things you shouldn't, from areas you did not ought to be in then there is a risk.

eg Mercedes build some of the safest cars in the world, but if you will insist on driving over cliffs, then their 7 air bag safety system probably won't help you much!!
 
Oct 1, 2013
7,487
19,760
Lanzarote
Funster No
28,377
MH
Nil by mouth
Exp
Lots
When I worked at McAfee they had a team dedicated to Macs so the threat is out there.
Don't be complacent.


 
Aug 27, 2009
19,788
23,032
Hertfordshire
Funster No
8,178
MH
Van Conversion
Exp
40 years
If you use a Mac as 99% of users do, you will not encounter any, unlike Microsoft users.
However if you override your built in security and download things you shouldn't, from areas you did not ought to be in then there is a risk.

eg Mercedes build some of the safest cars in the world, but if you will insist on driving over cliffs, then their 7 air bag safety system probably won't help you much!!
So 99% of Mac users have never made a mistake by missing the "c" from .com?
Was Gromett only giving the heads up to 1% of Apple users? The rest don't make mistakes.
 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
When I worked at McAfee they had a team dedicated to Macs so the threat is out there.
Don't be complacent.
Of course they do as do others, there are a lot of OS X machines out there, and money to be made.
But if you use your Mac as you should, then you really don't need them other than to disinfect any emails from an outside source, which you may forward to PC users.
If you want extra protection, use Avast, as all the others seem to play havoc with your operating system.
 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
So 99% of Mac users have never made a mistake by missing the "c" from .com?
Was Gromett only giving the heads up to 1% of Apple users? The rest don't make mistakes.

As I posted earlier, I tried all the .om sites quoted, and only one opened, which went to some innocuous site. No sight of the fake Flash software anywhere!:LOL:
Oh guess what, Endgame who have picked up the .om problem, yes you've guessed right, sell protection software for OS X!:rolleyes:


 

mariner

LIFE MEMBER
Nov 21, 2013
1,283
3,778
Isle of Dogs, but mostly Artola Spain.
Funster No
29,109
MH
Caravan
Exp
Since 2007. But no more.
Which is why it was stupid of them to claim (if some reports are to be believed) that they couldn't.
They didn't say they couldn't, they said they would not provide the FBI with the means to do it for themselves!

It would seem that all the other OS providers are backing Apple on this one!
 
Aug 27, 2009
19,788
23,032
Hertfordshire
Funster No
8,178
MH
Van Conversion
Exp
40 years
As I posted earlier, I tried all the .om sites quoted, and only one opened, which went to some innocuous site. No sight of the fake Flash software anywhere!:LOL:
Oh guess what, Endgame who have picked up the .om problem, yes you've guessed right, sell protection software for OS X!:rolleyes:
What do you think @Gromett I think that mariner is poo pooing your warning.:) Personally I would side with you on this Gromett.;):)
 

GJH

LIFE MEMBER
Aug 20, 2007
29,450
38,828
Acklam, Teesside, originally Glossop
Funster No
127
MH
None, now sold
Exp
2006 to 2022
They didn't say they couldn't, they said they would not provide the FBI with the means to do it for themselves!

It would seem that all the other OS providers are backing Apple on this one!
Apple statement. Phrases like "We have even put that data out of our own reach", "The government is asking Apple to hack our own users" carry the implication to the vast numbers of people who haven't a clue about computer code that it is something they couldn't do easily.
 
OP
Gromett
Feb 27, 2011
14,669
74,861
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
What do you think @Gromett I think that mariner is poo pooing your warning.:) Personally I would side with you on this Gromett.;):)

I am guessing he is probably correct that on a properly configured Mac that DMG files shouldn't be installed without warnings. However I am also guessing that this warning wouldn't be necessary if this was foolproof. People are obviously falling for this and getting infected which tells me that the protection isn't foolproof so I am passing this on.

Thanks for your support @buttons :p:whistle:(y)
 
Aug 27, 2009
19,788
23,032
Hertfordshire
Funster No
8,178
MH
Van Conversion
Exp
40 years
I am guessing he is probably correct that on a properly configured Mac that DMG files shouldn't be installed without warnings. However I am also guessing that this warning wouldn't be necessary if this was foolproof. People are obviously falling for this and getting infected which tells me that the protection isn't foolproof so I am passing this on.

Thanks for your support @buttons :p:whistle:(y)
Anytime Gromett.....(y):)


 
OP
Gromett
Feb 27, 2011
14,669
74,861
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
I didn't realise this thread had replies, sorry, been busy working.

Here in System Preferences
View attachment 97133

Default will probably be App Store only,
If it is set to anything other than the App Store only then this malware has a way in. People do need to download from other locations and will leave this setting after. There are developer certs out in the wild so signing a DMG file is not too hard for them.

I came across this fake Flash download, but not by typing .om; in fact I've tried the .om websites in the article and most won't load and revert to .com. gmail.om did open, but to some website that was to do with parking, I think.
The .om sites listed have been taken down by the registrar. But they have not fixed the method by which these domains were registered in the first place. The threat is ongoing and moving.
As I posted earlier, I tried all the .om sites quoted, and only one opened, which went to some innocuous site. No sight of the fake Flash software anywhere!:LOL:
Oh guess what, Endgame who have picked up the .om problem, yes you've guessed right, sell protection software for OS X!:rolleyes:
And guess what, it was also independently confirmed. I simply posted the link to the first news site I read this on. On a daily basis I read upward of 20+ sites to keep up to date with internet security threats on behalf of my clients. I will just post on here if I think it is relevant to people on here.
 

DuxDeluxe

LIFE MEMBER
Jul 10, 2008
14,627
72,221
Planet Zog
Funster No
3,243
MH
A woosh bang van
Exp
since 2008
I didn't realise this thread had replies, sorry, been busy working.


If it is set to anything other than the App Store only then this malware has a way in. People do need to download from other locations and will leave this setting after. There are developer certs out in the wild so signing a DMG file is not too hard for them.


The .om sites listed have been taken down by the registrar. But they have not fixed the method by which these domains were registered in the first place. The threat is ongoing and moving.

And guess what, it was also independently confirmed. I simply posted the link to the first news site I read this on. On a daily basis I read upward of 20+ sites to keep up to date with internet security threats on behalf of my clients. I will just post on here if I think it is relevant to people on here.

So I set my security to Apple Store and approved only and only downloaded known stuff like Rapport, Avast and the VPN so I'm still vulnerable? Rhetorical question - the answer is yes, but I'm not in the habit of downloading here there and everywhere plus also use additional security so suppose the risk is acceptably low......
 
OP
Gromett
Feb 27, 2011
14,669
74,861
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
So I set my security to Apple Store and approved only and only downloaded known stuff like Rapport, Avast and the VPN so I'm still vulnerable? Rhetorical question - the answer is yes, but I'm not in the habit of downloading here there and everywhere plus also use additional security so suppose the risk is acceptably low......
Don't ask me :p. I don't know anything about Mac sorry :whistle:

Look up drive by install though which is what I think these guys were doing...

Out of all the Macs out there say only 1% of people made the typo that led to an infected site and only 1% of those had the security setting that allowed an install. Then it only takes a few to click yes to update Adobe Flash and there you have it.

You may not be part of that 1% of that 1% etc. But if you are you are now aware of it whereas before you weren't. That was the intent of my warning.

It was not aimed at the likes of Mariner who obviously knows what he is doing, keeps up to date with all the security threats and will never be infected :whistle::p:LOL:....

PS: Do you remember these adverts...


 
D

Deleted member 29692

Deleted User
So I set my security to Apple Store and approved only and only downloaded known stuff like Rapport, Avast and the VPN so I'm still vulnerable? Rhetorical question - the answer is yes, but I'm not in the habit of downloading here there and everywhere plus also use additional security so suppose the risk is acceptably low......

Yes, the risk is negligible as long as you're aware of what you're doing. Nothing will download unless you expressly tell it to and even then it won't auto install.

Example: If you're trying to get to gmail or Amazon or whatever, mistype the address and get a pop up to install a Flash update then it should be bloody obvious it isn't real. Flash updates come from Adobe so if that wasn't the site you were trying to reach then the download isn't going to be genuine. If you're on a site with embedded video you might occasionally get a message to update your Flash player but a genuine one will never try and make you download anything, just direct you to Adobe to download it from there.

I don't have, and have never had, any kind of AV or other security software on any of my Macs and I don't see the point of VPN software at all unless you're up to no good :whistle: I know the kids all use it to get past school network firewalls and log on to Facebook

I've had the odd page pop up telling me to upgrade this or that, or that I'm infected and to call this number to sort it out. Anyone paying the least bit of attention should be able to spot them a mile off and ignore them. If it's one that tries to lock you out of your browser it's the work of seconds to get rid of it.
 

DuxDeluxe

LIFE MEMBER
Jul 10, 2008
14,627
72,221
Planet Zog
Funster No
3,243
MH
A woosh bang van
Exp
since 2008
Yes, the risk is negligible as long as you're aware of what you're doing. Nothing will download unless you expressly tell it to and even then it won't auto install.

Example: If you're trying to get to gmail or Amazon or whatever, mistype the address and get a pop up to install a Flash update then it should be bloody obvious it isn't real. Flash updates come from Adobe so if that wasn't the site you were trying to reach then the download isn't going to be genuine. If you're on a site with embedded video you might occasionally get a message to update your Flash player but a genuine one will never try and make you download anything, just direct you to Adobe to download it from there.

I don't have, and have never had, any kind of AV or other security software on any of my Macs and I don't see the point of VPN software at all unless you're up to no good :whistle: I know the kids all use it to get past school network firewalls and log on to Facebook

I've had the odd page pop up telling me to upgrade this or that, or that I'm infected and to call this number to sort it out. Anyone paying the least bit of attention should be able to spot them a mile off and ignore them. If it's one that tries to lock you out of your browser it's the work of seconds to get rid of it.
I used VPN for security reasons as my previous employers insisted on it.......we were usually either after the guys up to no good or they were after us (y)
