Mac Malware/poisoned images

Two detailed articles that go into greater depth of the malware attacking Mac users.
http://www.securelist.com/en/blog/6211/Rogueware_campaign_targeting_Mac_users
http://blog.unmaskparasites.com/2011/05/05/thousands-of-hacked-sites-seriously-poison-google-image-search-results/
If you're new to the party:
Mac targeted trojans are making their rounds mostly by poisoned images from Google.
The exploit depends upon Javascript, you can choose to turn it off in Safari preferences, however large portions of the web don't display or operate correctly without Javascript running.
An easier preventative option would be to use Firefox and the NoScript Add-on, use Firefox toolbar customization to drag a NoScript button to the toolbar.
NoScript turns off all scripts and plug-ins by default, which you enable on a per site, per need, per visit type basis by clicking the NoScript button.
Firefox also has a pop-up window with an opt-out before the download occurs, another safety step.
If you have click happy types, it's advised to install the Public Fox add-on as well, set a password on the browser downloads.
If you have the trojan web page on your Mac's screen, simply use Apple Menu > Force Quit to quit the browser.
If you've downloaded but not run the installer, delete it immediately from your downloads folder.
If you've installed the trojan and gave it your admin password, you need to backup your files to an external drive and c boot off the installer disk and Disk Utility > Erase with Zero your whole boot drive and reinstall OS X fresh, re-install all programs from original sources, scan your files with an AV software and then return them to your computer.
If you gave the AV software your credit card information, you need to call the credit card company and cancel the charge and freeze it. Assume your identity has been stolen and take appropriate action to defend your identity.
http://www.ftc.gov/bcp/edu/microsites/idtheft/
Some other advice:
Use only low amount debit/credit cards online with amounts you're willing to risk losing.
Do not enable overdraft protection with these online type cards.
Maintain the bulk of your funds in more secure, no user electronic access accounts (keep the blame for loss entirely on the bank)
Beware that banks and credit card companies like to increase your credit/debit card limits without notice.
If you lose a considerable amount of funds through an electronic means in your control, like an ATM, credit card, debit card or online banking, expect a very long and tiresome legal battle to hopefully regain those funds and prove fault.
(note: I receive no compensation from mentioning these sites/article or their solutions, etc)

WZZZ wrote:
Still don't understand your recommendation for a clean install, if user gives password. Again, I thought it had been established that just cleaning out the malware files was adequate. That's why I'm asking what new did you learn, if anything, to lead you to recommend this drastic remedy?
None other than the website at the link stating it needs the root password to install.
"For the application to be installed, the user needs to input his root password."
http://www.securelist.com/en/blog/6211/Rogueware_campaign_targeting_Mac_users
It's wrong to assume this malware or any malware is going to remain what it is. Or assume what you see is what you get.
If the code was examined of this present version of the malware and found not to cause any further damage outside of installing itself, then that's one thing, but the potential to do more damage is there in future or other versions of this exact malware.
Remember a goal of a lot of these malware authors is to gain control of the machine for later use.
If they know their rogue code is going to attract attention, they could be using the "MACDefender" as a cover, hope to get some fools dropping $99, let people THINK that it's an easy removal when in truth it installs or changes something much more covert, calls home, opens a port or some other action that will allow return access later.
So far this malware has changed
Best Mac Antivirus, MACDefender, MACProtector, MACSecurity, Apple Security Center...
If the user doesn't give it (or any malware) the admin password, perhaps just removing the files like before will be adequate depending upon the privilege level the malware was run in and upon close examination of its code.
However, most users can't simply assume the malware they see is the same one as before and a simple deletion is fine and dandy.
To refresh:
OS X has three "privilege levels": General, Admin and Root
Without using some sort of privilege escalation exploit, any malware running uses the privileges of the user level it's running in.
Root user is turned off by default, however an Admin level user can access the "sudo window", 5 minutes of Root User privileges, by giving their Admin Password to a rogue program.
This is how Software Updates and program installs across users, hooks into the operating system etc., are performed.
So the following situations can occur depending what the user privilege level is and what the user does with the malware.
A: Very bad: (root level access)
If the user gives the admin password to any malware, the malware has a 5 minute "root user" time window to do whatever it pleases to the computer. Complete and total access to everything, including firmware. There is hope that if the firmware(s) wasn't attacked, the user can simply boot off the installer disk, zero their boot drive in Disk Utility and reinstall OS X.
Most likely, if a user gives malware their admin password, they are going to need professional help to ensure the firmware isn't compromised or the malware can return.
B: Can be very bad: (admin level access)
If the user is an Admin User and any malware is run, with no password entered, it can certainly do a considerable amount of damage, alter programs and root the machine eventually by slow methods including privilege escalation(s). Most certainly can delete or encrypt user files.
Since OS X is set up as the first user being an Admin, and a lot of people remain that first Admin user, in this case it's perhaps best not to take any chances and backup > reinstall OS X, fresh programs from sources etc., to completely clear the machine.
If one has the capability to examine the malware code before it's run and has the opportunity to delete parts of itself, is well trained in programming and so forth, naturally a complete wipe and reinstall is unnecessary; they know that already.
C: Is bad, but easily recovered if certain things don't happen. (general user access)
If the user is a General User and any malware is run, with no password entered, it can do damage to user files. If they are then encrypted like what ransomware does, then it's bad if there is no uninfected backup of the data.
Rogue code has the least amount of access in General User, thus it's easier to remove as it's confined to the General User's access folders. Once it's all found and removed, the computer's security should be restored.
Still the malware could upload all user files and unencrypted files read by others.
So, since this malware asks for the Admin password to install, it has to be assumed it had total and complete access to the machine.
If the user can't understand the code, then they really don't know if the simple removal methods were adequate enough.
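
Added example (not part of the original posts): a small shell triage helper that maps an account and what the user did onto cases A, B and C described above. It assumes admin accounts are the members of the local "admin" group as printed by `dscl . -read /Groups/admin GroupMembership`; the sample output and the account names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide which of the post's cases (A/B/C) applies.

# Constructed sample of `dscl . -read /Groups/admin GroupMembership` output.
# "alice" is a hypothetical admin account.
SAMPLE_ADMIN_GROUP='GroupMembership: root alice'

# Print the members of the admin group, one per line.
admin_members() {
    printf '%s\n' "$1" |
        sed -n 's/^GroupMembership:[[:space:]]*//p' |
        tr -s ' ' '\n'
}

# account_level USER DSCL_OUTPUT  ->  root | admin | general
account_level() {
    user=$1
    if [ "$user" = "root" ]; then
        echo root
    # -x matches the whole line, so "ali" does not match "alice".
    elif admin_members "$2" | grep -Fqx -- "$user"; then
        echo admin
    else
        echo general
    fi
}

# exposure_case LEVEL GAVE_ADMIN_PASSWORD(yes|no)  ->  A | B | C
# A: admin password was handed to the installer (root window), from any account,
#    including a General user who typed an admin's credentials into the prompt.
# B: malware ran in an Admin account, no password entered.
# C: malware ran in a General account, no password entered.
exposure_case() {
    level=$1
    gave_password=$2
    if [ "$level" = "root" ] || [ "$gave_password" = "yes" ]; then
        echo A
    elif [ "$level" = "admin" ]; then
        echo B
    else
        echo C
    fi
}

# Demo on the constructed sample.
for u in alice bob; do
    lvl=$(account_level "$u" "$SAMPLE_ADMIN_GROUP")
    echo "$u: $lvl account, ran malware without password -> case $(exposure_case "$lvl" no)"
done

# On a Mac, check the logged-in account against the live directory instead.
if command -v dscl >/dev/null 2>&1; then
    live=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null || true)
    me=$(id -un)
    echo "$me is a $(account_level "$me" "$live") account"
fi
```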

Similar Messages

  • Newly created images will not display in Firefox 8 for Mac. Same images appear in other browsers. Why?

    1. Specific new images are uploaded but will not display in Firefox 8 on my Mac with OS 10.6.8. (Does appear in other browsers, e.g., Chrome and Opera, and appears on Firefox 8 for PC.) Also, other images on the page display.
    2. I have cleared cache, cookies, etc., in Recent History, and restarted both application and computer.
    3. I've tried creating GIF, JPG and PNG, but none show on the page in Firefox on my Mac. I can see the offending image in other browsers such as Chrome on the same computer, and on Firefox on PC. Offending pages are in both PHP and HTML: http://www.brookfieldcivic.org/advertisers.php and http://www.brookfieldcivic.org/advertising_freedom_montessori.html
    Image links: http://www.brookfieldcivic.org/images/advertisers/freedom.png and http://www.brookfieldcivic.org/images/advertisers/Freedom_Montessori_bizcard.jpg

    You can use these steps to check if images are blocked:
    *Open the web page that has the images missing in a browser tab.
    *Click the website favicon (Site Identity Button) on the left end of the location bar.
    *Click the "More Information" button to open the "Page Info" window with the Security tab selected (also accessible via "Tools > Page Info").
    *Go to the Media tab of the "Tools > Page Info" window.
    *Select the first image link and scroll down through the list with the Down arrow key.
    *If an image in the list is grayed and there is a check-mark in the box "Block Images from..." then remove that mark to unblock the images from that domain.

  • Mac Mini distorted image on wake from sleep with HD TV

    I've got a Mac Mini that does this when it wakes from sleep:
    http://www.youtube.com/watch?v=AlqYc8qH7ps
    The image is distorted for several minutes and eventually corrects itself. It happened in 10.6 and now happens in 10.7, it's actually worse in 10.7
    The Mini is connected to a Vizio 55" LED LCD TV via HDMI. I've had the logic board replaced twice and the RAM has also been replaced.
    If I change the resolution setting it also fixes the image.
    I was able to test it on another TV also a Vizio but different model. That was in 10.6 and the problem happened there too.
    Once the image is fixed it runs fine. Though I do find that movies play a little stutteringly particularly noticeable via slow pans but that may not be related to this issue.

  • When trying to update, the .dmg file for mac indicates "Corrupt Image". I'm running FF 1.0.1 on a mac with 10.3.9.

    Trying to update to a newer version of FF, not the latest version. I'm using a Mac with 10.3.9. When opening up the .dmg file the error is "the following disk images failed to mount" Reason - "corrupt image". Need to update because I can't get to my e-mail with this browser.
    Thanks in advance
    Randy

    Firefox 3.0 and 3.5/6 versions require at least Mac OS X 10.4
    * http://www.mozilla.com/en-US/firefox/system-requirements.html - Mozilla Firefox 3.6 System Requirements
    Firefox 2.0.0.20 is the last release that runs on Mac OS X 10.2 and 10.3
    Mac: https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.20/mac/en-US/
    See also:
    * http://kb.mozillazine.org/Installing_Firefox
    * http://kb.mozillazine.org/Unsupported_operating_systems

  • Adobe Reader 9 Mac - cannot copy images

    I upgraded to Reader 9, and another person in our office is using 8 with the same problem. We can no longer copy images out of a PDF - when we try to paste an image that appeared to be copied we only get a gray box. We've tried many ways including pasting directly into Word or Excel, choosing 'New from Clipboard' in Photoshop Elements, creating a blank Photoshop file and pasting, etc. This has worked perfectly in Acrobat 5.0 and in Reader 7.0.5 (which I have gone back to using - I'm sure glad I waited before removing it from my system!).
    Any thoughts?

    (Gary_Roger) wrote:
     I was wrong on both counts. With the help of the local Apple store, I found a solution. First, I Moved to Trash all adobe related files/folders from /Users/*myaccount*/Library/Cache and /Users/*myaccount*/Library/Preferences. When I started "Adobe Reader 9", I at least got the license agreement but again it failed with an "internal error". I then moved the /Users/*myaccount*/Library/Application Support/Adobe folder to my desktop. I was then able to start "Adobe Reader 9" successfully.
    I was having the "Internal Error" message on all my repeated installs of Reader in Mac OS 10.6 ("Snow Leopard") and this fixed it for me. The only thing I did different, was after the app finally launched without an error, I dragged all the non-Acrobat Reader folders inside of /Users/*myaccount*/Library/Application Support/Adobe back to the folder. I then re-launched Reader just to check and all was fine.
    Thanks! This fixed my Adobe Reader on Snow Leopard problem.

  • Word for mac 2011 - jpeg images vanish when saved as pdf

    The subject box pretty much explains the problem! I've tried ticking the 'drawing objects' box in preferences, and unchecking the 'image placeholders', but I still get pdfs with just a blank space where my word .docx has an image. help!

    Since Apple discussions only provide support for Apple products, and Word is made by Microsoft you should really consider posting your question on MS's own forums for their Mac software
    http://www.officeformac.com/productforums

  • Using elements 8 as default editor in mac iphoto - four image limit

    When I "select all" of a batch of images in mac iphoto and click on "edit", PS Elements 8 opens but only accepts the first four images.
    How do I get PSE to accept the entire batch.

    This is an iphoto limit, not a PSE limit. iPhoto can only send four photos at a time to any external editing program.

  • Mac Mail No Images

    My Mac Mail isn't showing any images in the messages themselves in any of my accounts. What setting could be the cause? I have checked, "Display remote images in HTML messages", but that doesn't seem to help. Where there should be images are instead "?" marks.
    Thanks for any help,
    Tony

    You have brought sanity back to my life. Like a mosquito that won't stop me leaving me alone this minor annoyance of not being able to see images in Mail but most of all being unable to figure out why this was the case was really driving me to distraction! Thanks for snitching on Little Snitch!
    J.Brock

  • PS CS5 on a Mac, moving cropped images

    I'm using CS5 on a Mac, referencing Adobe Photoshop CS5:  Classroom in a Book.  I'm stuck on Ch. 10 "Advanced Compositing".  I cropped, applied and saved 3 images to move to another image.  However, when using the Move tool, the entire images are moved, not just the cropped areas.  What have I missed???  Thank you.

    Download and install.  Use the serial number from the disc to activate.
    CS5 - http://helpx.adobe.com/creative-suite/kb/cs5-product-downloads.html

  • HT1600 why will my i mac not mirror image to my apple tv

    My Imac with mirror imaging turned on will not show on my apple tv
    Processor  3.2 GHz Intel Core i3
    Memory 4Gb 1333 MHz DDR3
    Graphics ATi Radeon HD 5670 512 MB
    I bought my apple tv at christmas because I wanted to be able to watch what I see on my Imac screen through my apple tv on my television but I seem not to be able to.
    The only thing I have read is that my mac being nearly 3 years old may not be a good enough spec

    Welcome to the Apple Support Communities
    AirPlay Mirroring needs a Mid 2011 or later iMac, so you have a Mid 2010 iMac. In your case, install AirParrot > http://www.airparrot.com

  • Mac Mail Signature Image Resolution-HELP!

    I have a shiny new retina MBP...I created a signature for Mac Mail that looks crisp...until I created my first email.  The image in the signature is now grainy!  I read that Mac Mail doesn't play well with 300 dpi images.  So, I have reduced it to 100 dpi and then 72...I have also used jpg, png, and tif files.  All result in this grainy look. 
    Has anyone found a solution to get an image be retina compatible in the signature?
    Thanks!

    Definitely is your problem.
    The image will not show up on anyone else's computer, but your own if it is fetched locally.
    You should be able to paste the image address in the browser and the image should render independent of Mail.
    That is the nature of html mail,  it reaches out to fetch the images in the mark-up.
    addendum:  if you do not have active server space available to host your image,  there are many alternatives. Dropbox public file is one example. The public link can be copied and pasted into the html .mailsignature

  • [CS4 Mac] Change PictureWidget image at running time.

    Hello,
    I have a PictureWidget on a panel - by default it displays a PNG file loaded from resources.
    It can also display error icons when a query fails - etc: these icons are loaded from plugin's 'PICT' resources.
    So far so good.
    Now - when a query doesn't fail it would need to display an image stored as a 'PICT' file on a server: the query result is telling me which 'PICT' file is to be displayed in the PictureWidget.
    For QXP I was using DrawPicture() to draw the PicHandle directly in the item rectangle.
    Switching it to InDesign - I am looking for a recipe to achieve same result but following InDesign SDK means and spirit.
    In other words - how do we change a PictureWidget image at running time in order to display a PICT files from server instead of built-in default PNG or 'PICT' resources.
    Any pointer or direction to achieve this would be very much appreciated indeed.
    Best regards
    Patrick Perroud

    Hi,
    I have to add an image on a dialog, I am able to add an image on Windows by associating an image resource ID with image path in .rc file. But not able to do the same on mac. How can we associate image resource ID with image path on MAC?
    Thanks in advance.

  • Transfer photos from iPhone to mac without iPhoto / image capture and preview doesn't see device

    Hello. I'd like to transfer photos from my iPhone to my Mac. I read (http://support.apple.com/kb/ht4083) that iPhoto is the standard application for that; I'd like to do without. I read that image capture (http://apple.stackexchange.com/questions/8954/copy-photos-off-iphone-without-iphoto) or even Preview (http://osxdaily.com/2010/07/10/transfer-photos-from-iphone-to-computer/) could help. Neither of them see my iPhone although cable connected and iTunes does. So my question is two: If Preview and Image Capture are indeed supposed to, why don't they? And is there any other way?
    Thanks

    I don't like iphoto so the easiest way to do it is using image capture, just plug in your iphone launch image capture from your applications folder and import all images or just selected images into any folder you want.
    Moreover,you can follow this page about how to transfer photo/pictures from iPhone to Mac, which give an easy guide to figure out this problem.
    Have a good luck!

  • Import vhs to Mac but no image

    Good afternoon,
    I have a question regarding the import from a vhs tape to a Mac (Mac Book, with 10.5.2). I've got a Vhs player connected via Cinch cables to a DV Converter (by Formac called Studio TVR) and have that one connected to my computer. I am also using the software that came along with the Formac converter.
    I presume that all is set up correctly but when I start recording I get the sound only and no image (only snow). I have also tried importing in iMovie but there I don't get audio nor video
    Could anyone please help me with this?
    cheers,
    Marie-Anne

    I'm not familiar with the Formac but I can tell you that converting from VHS to a Mac is very doable and usually straight forward.
    I'd suggest the configuration or settings are incorrect somewhere.
    FYI: If you can get your hands on a recent model Mini DV camera with in/outputs and PASS THROUGH ability, you can use this type of camera as an Analogue to Digital converter. This would replace the Formac if you do not get it fired up.
    Al

  • Mac App Store images won't load.

    Hi,
    I recently purchased a refurbished Mac Mini (2.3 ghz model). Any time I try to access the Mac App Store there are several icons that won't load. They'll simply display the small blue box with the question mark inside of it. If I refresh the page multiple times, occasionally it will load all of the icons. If I click on the app that doesn't have the icon displayed, all of the images load properly, but from the main pages (featured, top charts, etc) they don't load. The icons that don't load are usually the same; I haven't had the Mac long enough for all of the apps on the featured page to change. I'm new to Mac and don't know if there is something that I'm doing wrong. Any help would be greatly appreciated. I'm enjoying the experience so far, but it is highly annoying that this happens constantly. If it helps, this has happened since I got it. Could this be an issue with the unit itself?

    Unfortunately that didn't help. These are images that are within the Mac App Store itself not images viewed through Safari (I also use Firefox). I did have an issue with Safari a couple of times where images weren't loading on it either, but it is occasional in comparison to the app store which is constant.
