The Latest in IT Security

On “FBI” “Ransomware” and Macs

19
Jul
2013

On Monday, Malwarebytes researcher Jerome Segura posted a nice write up (and video) about FBI themed ransom scams targeting users of Apple Mac OS X.

The basics are as such:

  •  Segura discovered the scam via a Bing Images search for Taylor Swift.
  •  A compromised site hosting the image linked to a webpage mimicking police ransomware.
  •  Only it isn’t really “ware” in the normal sense of a ransomware trojan.
  •  The scam uses clever persistent JavaScript in its attempt to trick people into paying a supposed fine.

And now we’d like to contribute some additional notes.

Located in Canada, Segura was directed to an FBI themed webpage. This is probably due to his North American IP address, or else he was using a US-based proxy.

In Europe, the result is Europol themed:

Europol_Ransom_Scam_Mac

And the scam uses a Europol-themed URL:

Europol_Ransom_Scam_Mac_Locked

Also, such scams are not just targeting Macs, as this comment from The Safe Mac explains.

TheSafeMac_FBI_Ransomware

Crimeware kits are always targeting everything all the time. Windows, Macs, every OS.

But most of the time… there isn’t a good exploit vector with which to target Macs with malware, so they are redirected to something “spammy” instead. For example, now that the ransom scam has been exposed, this is what the FBI and Europol URLs are currently redirecting to:

Find Your Adult Friend

Find Your Adult Friend: a site which uses scraped images. (Avoid.)

Leave a reply


Categories

TUESDAY, DECEMBER 03, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments