The Safe Mac


FBI ransomware “virus” rampant

Posted on July 15th, 2013 at 9:28 AM EST

There have been many reports among Mac users recently of being “infected” with an FBI ransomware “virus,” telling them that their computer has been seized and that they have to pay money to get it unlocked. Fortunately, from the reports I’ve been getting, there is no indication that this is actually Mac malware of any kind. It’s simply an obnoxious browser pop-up, displayed via JavaScript, in an attempt to fool people into paying.

I have yet to see this behavior first-hand, but it’s undoubtedly being caused by JavaScript that has been injected into legit sites, either through malicious ads or by hacking the site. Keep in mind that the old wisdom that you’re fine if you avoid “bad” sites is no longer particularly good. Most malware these days is distributed through legit sites, so any site could potentially fall victim.

The question, then, is what to do if you see this pop-up. If you cannot close the window or the browser, then you will need to force the browser to quit. Press command-option-esc to display the force quit window. In that window, make sure your web browser is selected, then click the Force Quit button. Once the browser quits, you can close the force quit window.

Depending on your browser and/or system settings, your browser may try to reload the pages that were open the last time it quit. This could cause the problem to recur immediately, as soon as you open your browser again. In Safari, you can avoid this by holding down the shift key while opening the app.

Once you have your browser open again, you should be fine. You could clear your cookies and browser cache if you like, but that really won’t be particularly useful. Contrary to popular belief, this will not cure such problems or prevent them from occurring.

16 Comments

  • PTSPM says:

    What could help prevent this? Is disabling JavaScript a solution? I know that many websites would not display correctly without JavaScript.

    • Thomas says:

      You could always use a JavaScript blocker that lets you specify what JavaScripts are allowed to run. In my experience, though, those are a pain in the arse to use. A lot of the time, you’ll have trouble figuring out which scripts to allow and which to deny. Besides, there’s no real threat to these scams as long as you don’t fall for them.

    • Thomas says:

      :D

      (For those who can’t see the post at the link provided, sjf0123 had tried to get my attention about this issue on a private forum, then found I had already written about it!)

  • Brittany says:

    stevejobsfan0123 that link is invalid for me. Sort of. I signed in and it said that I was unauthorized to view this discussion.

  • Al Varnell says:

    I think Shawn’s solution http://www.magmatic.com/magmatic-awareness-alert/ may be better than force quitting Safari.

    To prevent the loop from running and exiting the page

    Disable Javascript.
    Hit back in Safari.
    Enable Javascript.
    Reset History and Top Sites as a precaution.

    • Thomas says:

      Well, the problem with that is that it may not work for everyone. If you can disable JavaScript, that would be fine, but if you can’t access your preferences for some reason or don’t know how, force quitting will work. Holding down the shift key when re-opening Safari will prevent the site from re-loading when it starts up.

  • Krisliz3 says:

    Are you folks certain that this has not been adjusted to now infect Macs?

    I didn’t force quit, I held down the power button to shut down the Mac. When I restarted, I could not update my McAfee anti-virus. If it was merely a script running on a webpage, why would I have that problem?

    When I restarted the Mac in the AM I could update and a scan said nothing was found. I also ran Stinger but that program is 15 months old. I had not had McAfee warn me about anything in 2 years until that FBI screen showed up.

    Thanks.

  • Seems like it’s been there forever. I don’t think Yahoo tech editors have noticed. Yahoo just keeps getting worse and worse. I don’t go to Yahoo for TV listings anymore. Now I’m writing off Yahoo as a source of tech news.

    • Someone says:

      Wait, what does Yahoo have to do with the price of tea in China? I am a proud Yahoo Mail user (although I’m sloooowly succumbing to the world-dominating effects of Google) and if I should boycott Yahoo I’d like to know.

      Thanks :)

  • Southern Belle says:

    I had this scam pop up on my new MacBook last week. It would not allow me to do anything at all to stop Java Scripting while on screen; I could only force close Safari. Since then, my MacBook has been fine and I do not have any residual effects.

  • CFMcBlob says:

    I actually downloaded the source code from one of these pages. It was hilarious to see how they put it together!

  • Colin Robinson says:

    A page like this came up on my browser (Safari) yesterday, but claiming to be from the AFP (Australian Federal Police) rather than the FBI. Although it says “Your browser has been locked”, this is NOT the case. The ONLY thing it stops me from doing is closing that window itself. When I try to close it, it does not close, instead a further “warning” appears. Even though I can’t close the page, I CAN change its size, minimize it, and view its source code. Right now it is on my screen as a little minimized icon, but does not prevent me from writing this message.

    In short, it fits your description: It’s an obnoxious browser pop up, but not actual malware.

    • Thomas says:

      Yup, that’s a variant of the FBI scam aimed at US residents. There are many different variations, all differing based on the country being targeted.

This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.