[MacTUG] [Sec-wg] Mac Malware report

Mike Patterson mpatterson at uwaterloo.ca
Thu Oct 16 22:19:00 EDT 2014

Thanks for this, Keith. One thing I did notice in the machine’s IDS history was outdated Flash and Air components. This may have been a drive-by using those, or maybe it was as simple as the user installed the wrong thing at the wrong time and this thing was bundled with it.

Either way, a useful reminder that we Mac users aren’t immune, just in case the lessons of FlashBack have faded. :)


On Oct 16, 2014, at 15:03, Keith Peck <kdpeck at uwaterloo.ca> wrote:

> Hi,
> I bumped into Mike Patterson on the way back from a building this afternoon and mentioned to him that I removed some malware from a Mac OS X machine; it is running 10.9.5 (Mavericks) and has had the BashBug update installed on it.
> Symptoms were that Safari, Firefox and Google Chrome browsers were all redirecting to web pages other than the intended targets, typically either a survey page (asking for more ‘personal’ info with a chance to win a prize or gift certificate) or to a site advertising that you should try “Mac Keeper” (Apple discussions – do not install Mac Keeper), an even more invasive malware program.
> Home pages and default search tools had been changed to “ConduitSearch” – changing them back to the defaults didn’t fix the redirection or ads shown on search page results (nothing explicit, but content was at the boundary of being non-suitable for work).
> Did a Google search and I used the TSMART.zip Tool found at http://www.thesafemac.com/art/ to remove the threat plus a few related threats:
> ConduitSearch
> Genio adware
> Downlite
> Uninstall of Firefox and a restart was required to complete the cleanup.
> Overall found the following site to be useful for both info and tips to remove Mac Malware: http://www.thesafemac.com/
> --
> I will forward details to SOC about the name of the machine that the malware was removed from.
> Keith Peck
> Client Services, Information Systems and Technology
> University of Waterloo, Waterloo, Ontario, Canada, N2L 3G1.
> MC 2020, (519) 888-4567 x.37770
> kdpeck at uwaterloo.ca
