Is my computer still safe?

Feb 20, 2010 01:03

Oh gurus of the current state of Mac OS and PC viruses, malware, and so on.... some advice please. Some of you may have gotten an obviously virus/spam message in your Facebook inbox from me today, with the subject "tua foto?!" and the phrase "Es este tu foto?" along with a link that may have been some variation on very sketchy or kind of legit- ( Read more... )

Comments 6

gmonkey42 February 20 2010, 12:43:18 UTC
Sorry, I have no idea. But I got the e-mail. I did click the link but when the page started loading, I realized it wasn't legit and closed it.

Crap, I hope I didn't get infected.

Reply

once_a_banana February 20 2010, 18:57:54 UTC
Uh Oh.... I worry that it will have gotten you too. At least your FB account, if nothing else.... In addition to reporting the link you got as coming from my profile, you should probably try to report your own profile as having clicked on something (not quite sure how to do that though)...

Reply


anadamous February 20 2010, 20:18:26 UTC
I haven't gotten the message from you (or anyone) if that helps.

If there's a keylogger running on your system, you will see a process running on the computer. OS X is nice because you can just go to the command line and run "ps aux" -- but this is pretty useless advice if you don't know what to expect there. You can also run a search on your system for any files that have been created or changed since February 10th.

It is definitely possible to write viruses/etc for OS X, and people have, but I haven't heard of any getting distributed. It's highly unlikely that you got infected. I realize this isn't all that helpful, sorry. :(

Reply
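
The two checks described in the comment above (look at running processes, search for files changed since February 10th), as an added shell example that is not part of the original thread. The function names are hypothetical and the cutoff date is passed in as an argument.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for the two checks described above.
# Function names are hypothetical; pass the cutoff as YYYY-MM-DD.

# Print regular files under DIR (default: $HOME) modified after CUTOFF.
# Uses mtime only, which a program can reset, so treat this as a first pass.
changed_since() {
    cutoff=$1
    dir=${2:-$HOME}
    # -xdev stays on one filesystem; permission errors are discarded.
    find "$dir" -xdev -type f -newermt "$cutoff" -print 2>/dev/null | sort
}

# Print "PID<TAB>path" for running processes whose executable file was
# modified after CUTOFF. Relies on `ps -o comm=` printing the full
# executable path, as it does on OS X; where it prints only a short name
# (e.g. Linux), nothing is matched.
procs_changed_since() {
    cutoff=$1
    ps -A -o pid=,comm= | while read -r pid exe; do
        case $exe in
            /*) ;;            # absolute path: can be checked on disk
            *)  continue ;;   # short name only: skip
        esac
        [ -f "$exe" ] || continue
        if [ -n "$(find "$exe" -newermt "$cutoff" -print 2>/dev/null)" ]; then
            printf '%s\t%s\n' "$pid" "$exe"
        fi
    done
}

# Usage:
#   changed_since 2010-02-10 "$HOME"
#   procs_changed_since 2010-02-10
```

Any process that the second function prints is running from a binary that changed inside the window of interest, which narrows the full `ps aux` listing to the entries worth looking up first.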


thecolorblue February 20 2010, 22:56:34 UTC
so this has nothing to do with your OS and everything to do with your browser and JavaScript. this is called a cross site scripting attack and basically what happens is when you clicked the link, you launched some JavaScript code. then that code grabbed whatever information it could from your browser cookies -- including your login info, any other login info from other sites you were still logged into OR were still stored in your browser memory (gmail, your bank, twitter, flickr, other web-based services, etc). it also grabbed all of your facebook friends' emails, which is how it was able to send emails to your friends ( ... )

Reply

once_a_banana February 21 2010, 01:01:03 UTC
Cool, thanks! As far as I know it hasn't done anything to my email account, and instead sent messages from my FB account to other FB users. I've done all the cache clearing and password changing now... but I worry that my FB account itself, as stored on their servers, is still infected (I did report it though, so hopefully they're also on the case).

Reply


thecolorblue February 20 2010, 22:58:18 UTC
fyi this is why bank websites always tell you to quit your browser/clear your cache after you're done using your bank because you have stored cookies from the session and these can be grabbed by a JavaScript exploit.

Reply

