Strange request to download Safari.app Allow or Deny? - ehMac.ca
Old May 30th, 2008, 01:40 AM   #1
Honourable Citizen
 
cap10subtext's Avatar
 
Join Date: Oct 2005
Location: Toronto
Posts: 2,539
Strange request to download Safari.app Allow or Deny?

Okay, I know this may seem like another hysteria thread. I was worried I came across something that *could* have been a trojan. This is not a Troll, I'm not just stirring up trouble, I just want to know what to do in this situation.

I ended up on a strange looking website hunting for an image and suddenly I got a prompt asking me for permission to download Safari.app Deny or Allow? Out of surprise I quickly hit deny. But then I started wondering where that request came from.

Now that I've tried surfing back to the site I'm not getting the same request anymore. I wanted to DL it and run it through ClamXav to see what it was.

So what do I do? So maybe it wasn't a virus/trojan (perhaps at best a clumsy oompa-loompa wannabe?) but I want to investigate further. Would there be a log somewhere that would have recorded the request that I could figure out where the download was coming from?
__________________
cap10subtext is offline   Reply With Quote
Old May 30th, 2008, 03:59 AM   #2
Full Citizen
 
Join Date: Sep 2006
Posts: 701
I get the feeling some anti-virus company is implanting those "ads" in their ads network to scare Mac OS X users into thinking Mac viruses are on their way.. Probably yet another one of those harmless popups

Patrix
9780 is offline   Reply With Quote
Old May 30th, 2008, 08:48 AM   #3
Honourable Citizen
 
Macaholic's Avatar
 
Join Date: Jan 2003
Location: Toronto
Posts: 8,815
"Deny or allow", eh? Doesn't VISTA ask to confirm things with that lingo? My guess is that it possibly could be a veil for some form of Windows malware, worded in a way to dupe Windows users. One thing for sure is that Apple wouldn't be distributing Safari in such a manner.

What is the URL?
__________________
32GB iPad 1 WiFi. 2011 Mac Mini Server (used as a workstation) 2GHz quad-core i7/8GB/1TB, 24" BenQ LCD, 17" NEC LCD, Magic Trackpad. MacBook 2.4GHz Core2 Duo/2GB/200GB/DL-DVDRW. Apple TV 2, 32" flat panel TV, Logitech DiNovo Edge BT keyboard & trackpad. >5TB of FW drives, 16GB iPhone 4S. In memoriam: my Sawtooth "Frankenmac" with upgraded dual 1.3GHz G4/2GB/360GB striped RAID/DVDRW/ATI Radeon 9000 Pro
Macaholic is offline   Reply With Quote
 
Old May 30th, 2008, 11:25 AM   #4
Honourable Citizen
 
fjnmusic's Avatar
 
Join Date: Oct 2006
Location: Sherwood Park, AB
Posts: 10,314
Well, they do make Safari for Windows now, so it's probably a pop-up from the DOS/PC world. I wouldn't worry too much about it.
fjnmusic is offline   Reply With Quote
Old May 30th, 2008, 11:53 AM   #5
Honourable Citizen
 
cap10subtext's Avatar
 
Join Date: Oct 2005
Location: Toronto
Posts: 2,539
100% sure it wasn't a popup. It was a system prompt. Similar to the kind you get when you download an application off the web and try to open it.

Vista is "cancel or allow".

I don't know... I've tried to replicate the situation a number of times but I haven't gotten the same prompt since. I also can't seem to find an image of a similar prompt.

I don't know... Too weird. Show's over nothing to see here.
__________________
cap10subtext is offline   Reply With Quote
Old May 30th, 2008, 12:13 PM   #6
Honourable Citizen
 
EvanPitts's Avatar
 
Join Date: Mar 2007
Location: Hamilton, ON
Posts: 6,427
Quote:
Originally Posted by cap10subtext View Post
100% sure it wasn't a popup. It was a system prompt. Similar to the kind you get when you download an application off the web and try to open it... I don't know... I've tried to replicate the situation a number of times but I haven't gotten the same prompt since. I also can't seem to find an image of a similar prompt.
I don't know... Too weird. Show's over nothing to see here.
I think it was probably some kind of pop-up that looks like the real thing. There have been reports of such things; and I have had three different ".app" files download to my machine in the past month. It is most certainly some kind of trojan, which even if it does download, cannot do any real damage unless you make the "crucial step" to install it. Then, it will probably reveal itself to be some kind of malware, perhaps reporting important information back to some crime syndicate in Central Asia or Russia, or wherever.

Windoze does not use ".app" files - it uses either .COM or .EXE files, and .DLL files can also be malware hidden as an "important device driver update".

All Apple software will go through the Software Update program. With the things that have been happening, and the fact that OSX is becoming a target of malware (perhaps more so because of the very real difficulty of creating a virus that is effective and spreadable)... Windoze users are prone to using continuous virus scanning, and perhaps even multiple scanners just to try to keep their systems as secure as possible - something that Mac users have not had to worry about at all. I wouldn't install any Apple update unless it went through the legitimate Software Update program, or unless I downloaded the update direct from Apple.Com.

Malware like trojans will probably not be picked up by ClamXAV; at least until it has become common enough to add to the database. ClamAV in general misses many potential malware attacks - its main benefit is that it is free and catches Word Macro malware that Macs are adept at transmitting. So unless I had a specific machine that I could sandbox (and that I had nothing of importance on), I wouldn't attempt to actually run any .app malware - and I certainly wouldn't do such things on a machine connected to the Internet (or a network of any sort).

Mac users will have to adjust to such things - they will become more common. It just comes down to common sense, and using the tools that are available to OSX, to keep the machines safe and secure.
EvanPitts is offline   Reply With Quote
Old May 30th, 2008, 12:18 PM   #7
Honourable Citizen
 
EvanPitts's Avatar
 
Join Date: Mar 2007
Location: Hamilton, ON
Posts: 6,427
Quote:
Originally Posted by cap10subtext View Post
I ended up on a strange looking website hunting for an image and suddenly I got a prompt asking me for permission to download Safari.app Deny or Allow? Out of surprise I quickly hit deny. But then I started wondering where that request came from.
After a moment of thought - it is probably a bad idea to hit "Deny" because if it is some kind of malware, who would think that the writer would actually mean Deny? If I was writing it, I'd make damn sure that once the user hit "Deny", the malware would be installed in the same manner that if the user hit "Install". I would make sure to just delete the window altogether - and make sure that the page had not dropped a .app file into the Downloads folder. And if it is there, I definitely would not grant it the eXecute flag, even out of curiosity, unless I had a specially set aside machine that could be trashed with no problems...
EvanPitts is offline   Reply With Quote
Old May 30th, 2008, 12:27 PM   #8
Honourable Citizen
 
cap10subtext's Avatar
 
Join Date: Oct 2005
Location: Toronto
Posts: 2,539
Quote:
Originally Posted by EvanPitts View Post
After a moment of thought - it is probably a bad idea to hit "Deny" because if it is some kind of malware, who would think that the writer would actually mean Deny? If I was writing it, I'd make damn sure that once the user hit "Deny", the malware would be installed in the same manner that if the user hit "Install". I would make sure to just delete the window altogether - and make sure that the page had not dropped a .app file into the Downloads folder. And if it is there, I definitely would not grant it the eXecute flag, even out of curiosity, unless I had a specially set aside machine that could be trashed with no problems...
I always wondered about that. Once I started designing the interface to programs I realized the cancel button has to be programmed in and its function is arbitrary. But how do you close a system dialog without pushing one of the buttons?
__________________
cap10subtext is offline   Reply With Quote
Old May 30th, 2008, 01:22 PM   #9
Honourable Citizen
 
Join Date: Nov 2006
Posts: 17,549
I might be tempted to use Terminal and check the download folder for any uninvited invisible files. Again do not grant any unbidden requests for your password!!!
__________________
I do not embed ad links. I do not endorse any products which may be linked to my posts. Do not click on those links.

I retain all rights to photo-images I have posted on ehMac. They were posted that other members of the community could enjoy them. They may not be used or sold in any other way without my written consent.

Social Distancing is an Oxymoron. The correct term is Social Demonization or Social Repression. Bandits, thieves and politically correct thugs hide behind masks.
eMacMan is offline   Reply With Quote
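Added example, not part of any post in this thread: one way to do the Terminal check of the download folder suggested in posts #7 and #9, listing invisible (dot-named) entries, .app bundles and files that carry an execute flag. The function names `scan_downloads` and `make_sample` are hypothetical, and the sample tree is constructed from empty placeholder files.

```shell
#!/bin/sh
# Added example: flag items in a downloads folder that deserve a second look.
# scan_downloads and make_sample are hypothetical helper names.

# Print one "<kind><TAB><path>" line per finding under directory $1.
scan_downloads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Invisible entries: names starting with a dot (.DS_Store is Finder metadata).
    find "$dir" -mindepth 1 -name '.*' ! -name '.DS_Store' \
        -exec printf 'hidden\t%s\n' {} \;
    # Application bundles: on Mac OS X an .app is a directory.
    find "$dir" -mindepth 1 -type d -name '*.app' \
        -exec printf 'app-bundle\t%s\n' {} \;
    # Regular files with any execute bit set (user, group or other).
    find "$dir" -mindepth 1 -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'executable\t%s\n' {} \;
}

# Build a constructed sample tree (empty placeholder files, nothing real).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Safari.app/Contents/MacOS" "$d/.cache"
    : > "$d/photo.jpg"
    : > "$d/.hidden_helper"
    printf '#!/bin/sh\n' > "$d/Safari.app/Contents/MacOS/Safari"
    chmod 644 "$d/photo.jpg" "$d/.hidden_helper"
    chmod 755 "$d/Safari.app/Contents/MacOS/Safari"
    echo "$d"
}

# With an argument, scan that folder; with none, scan the constructed sample.
if [ -n "${1:-}" ]; then
    scan_downloads "$1"
else
    sample=$(make_sample)
    scan_downloads "$sample"
    rm -rf "$sample"
fi
```

A finding is only a reason to inspect the item: a legitimately downloaded application will be listed as well.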
Old May 30th, 2008, 01:25 PM   #10
New Neighbour
 
Join Date: May 2005
Posts: 6
Safari.app

I got a weird request to change the font on a copy of Safari that resides on my backup hard drive this morning. I was on this website and the request popped up with the same allow or deny !!??
trex is offline   Reply With Quote