Trixology

General Category => General Computing/Macintosh => Topic started by: Blicj11 on July 05, 2017, 03:54:22 PM

Title: Fake Malware Warning
Post by: Blicj11 on July 05, 2017, 03:54:22 PM

Yesterday I received a fake malware warning in my browser. It looks amazingly legit, except for a few things.

• AppleCare doesn't scan computers
• Nobody can scan your computer remotely; they can only scan a file you upload to their server or have you download their files that scan your computer after being downloaded
• While the URL appears to be from apple.com, legitimate URLs usually need not be this long - apple.com-webbrowsing-security.review/en/index.php?_jsess=e48eaf8c8cdaef2969ce6af2c53126a1&os=OS%20X%2010.12&app=MacKeeper&browser=Safari&voluumdata=BASE64dmlkLi4wMDAwMDAwNi00OTc4LTRlNzktODAwMC0wMDAwMDAwMDAwMDBfX3ZwaWQuLmZhODkzODAwLTYwZWEtMTFlNy04MzkzLWFiZTRiYzcxZTJmYV9fY2FpZC4uMWFjZDA2MzEtNWQ5Ny00YWMzLThjZGUtNzRmMTU4YWJmMzE0X19ydC4uREpfX2xpZC4uNThkYzI0MzUtYTI4ZC00NTFkLTg1ZDAtMDM0ZDI1YmYzZmJmX19vaWQxLi5lNGU3Njg4MC1lODU0LTQxMDItYmY1OC0yMDNmMTIzMTcxYTFfX3ZhcjEuLjE1NTk1NDEtMzE5NzU3MTM2Ny0yNDkwOTAyNzM5X192YXIyLi5FTl9fdmFyMy4uMTQ5OTE5ODAzMjExMjA3ODEyMTAyNDMyMzEzOTAyOTk2OTJfX3ZhcjQuLjE0OTkxOTgwMzNfX3ZhcjUuLjQ0ODY0MTM0X19yZC4uX19haWQuLl9fYWIuLl9fc2lkLi5fX2NyaS4uX19wdWIuLl9fZGlkLi5fX2RpdC4uX19waWQuLl9faXQuLl9fdnQuLjE0OTkxOTgwMzM1MzY&zone=1559541-3197571367-2490902739&lang=EN&cid=14991980321120781210243231390299692&time=1499198033&campaign=44864134#b
• The word MacKeeper appears in the URL - a dead giveaway that this is a scam - questionable company in Ukraine with clearly dishonest marketing techniques

I took a screenshot, copied the URL and then quit Safari and restarted it, and all was well. Fortunately, I run Safari in a Private Window so there is no remaining trace or history of that tab that popped up whilst I was reading an article on a site for a local newspaper.

Title: Re: Fake Malware Warning
Post by: wurzelmac on July 05, 2017, 06:03:28 PM

Thank you Blick for letting us know!

 ThU32:-)

Title: We all need to be on our toes. (Re: Fake Malware Warning)
Post by: elagache on July 05, 2017, 11:42:59 PM

Dear Blick, Reinhard, and WeatherCat cautious world wide web surfers,

Quote from: Blicj11 on July 05, 2017, 03:54:22 PM

Yesterday I received a fake malware warning in my browser. It looks amazingly legit, except for a few things.

Unfortunately it is relatively easy to fake a well-known site.  It is just about impossible to keep corporate graphics from being copied.  If you replicate the graphics and fonts - it will look extremely genuine.

Quote from: Blicj11 on July 05, 2017, 03:54:22 PM

Nobody can scan your computer remotely; they can only scan a file you upload to their server or have you download their files that scan your computer after being downloaded

This is a nitpick but for the sake of completeness.  Software does exist for others to remotely control your computer.  This can happen for example when you are beta testing some software and the developer would like to look at your installation to see if he/she can spot what is causing a bug that he/she cannot easily replicate on the development machine.  Since such remote control is possible, someone could come up with a service to remove malware remotely and there might be customers who are too busy to do this stuff for themselves.  However, quite clearly you need to give permission for this sort of remote control to happen.  Still, given that art of deception is constantly growing, one should certainly be extremely careful in ever allowing anyone to control your computer remotely.

Cheers, Edouard  [cheers1]

Title: Re: Fake Malware Warning
Post by: xairbusdriver on August 16, 2017, 04:49:05 PM

Sent the following plain text to some friends who use Windows. "http.../www.thewhir.com/web-hosting-news/microsoft-warns-users-to-be-diligent-as-tech-support-scams-get-more-sophisticated"
(I had to separate some of the url to prevent the friendly forum software from converting the text to a link. Not worried about here, but I just wanted to show what was in the email.)

I also reiterated the warning to NEVER, EVER click a link in an email. I encouraged them to go directly to the company mentioned in the email and look for help there. I also suggested that their browser may even recognize the site they want to visit with only the first few letters of the site's name. If the browser is guessing correctly, simply stop typing and press return/enter. That could avoid the human problem of mispeling the name and ending up at a malware site that actually uses that mizspeld domain!

Of course, too many folks my age seem to not understand how easily a human brain can be tricked...
Now, about that land in East Miami...

Title: Re: Fake Malware Warning
Post by: TechnoMonkey on August 17, 2017, 02:54:34 AM

Those scams are directed at ex-windoze users.  Windoze users got use to clicking and downloading everything possible that suggested any hint of increased performance.  It all stems back to the old days when "Mac has eight programs but windows has thousands, why would you want a Mac?".  They always neglected the part about how the eight programs actually worked and Mac didn't need thousands of non-working programs.

Macs are headed to the windoze way of life (yeah, that really sucks, but what can we do), but the OS itself is still pretty tough to crack without permission.  When a Mac asks you for a password and that is not what you expected, BACK THE F**K AWAY!