A URL screwed my Mac.



Phase
9th September 2007, 08:55 AM
I'll be brief, but the story goes like this.

I was online, doing some research and chatting in Adium, when a new chat window opened. No problems I thought, who wouldn't want to chat with me? :p

I was linked to a fake myspace page, i.e. "normaladdress dot myspace dot word-that-shouldn't-be-there dot com". I saw it, and ignored it. I then noticed the conversation was actually a multi-user one, with new people entering it at the rate of about 10 a second, all linking the same page. Whatever, I thought.

I let it go for a little while, and as I went to close the chat, I managed to be a complete moron, confuse my chat windows (little over 10 people), and hit the link.

Well. Here's where the fun starts.

My system immediately locked up, Safari started generating about 10 new windows a second, and Adium started to open "new contact" and a tirade of new addresses appeared. But here's the awful part: it executed Terminal with scripts already loaded. That is what got me. This continued for about 6 seconds, and as I went to power the book down, it kernel panicked.

"Wow" was all I could think.

So I powered him back up, and all was well(ish). Except that Spotlight no longer worked. At all. I tried running disk permissions, repaired them, ran every checker I know, several restarts later, no dice.

I've just finished reformatting my Mac.

Thought I'd share :(

rickyd
9th September 2007, 09:07 AM
If it was in any way related to myspace, shouldn't you take this up with them?
I wonder how this could happen. How does a webpage take control of the OS?

Ricky.

Phase
9th September 2007, 09:11 AM
> If it was in any way related to myspace, shouldn't you take this up with them?
> I wonder how this could happen. How does a webpage take control of the OS?
>
> Ricky.

It wasn't an actual myspace page, just as someone could make a www.ebay.mactalk.cheese.com page.

And I don't know. I am, however, concerned that it managed to fire up Terminal with a script. That's the scary part.
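
The lookalike hostname pattern described in the post above, as an added example that is not part of the original thread: a brand name sitting in a subdomain of someone else's registrable domain. The brand table, the short suffix set (a stand-in for the full Public Suffix List) and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brands to watch for and the registrable domain each really owns.
BRANDS = {"myspace": "myspace.com", "ebay": "ebay.com"}

# Assumption: tiny stand-in for the Public Suffix List (multi-label suffixes).
MULTI_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk"}


def registrable_domain(host):
    """Return the part of the hostname that somebody actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url):
    """Return [(brand, actual_registrable_domain)] for each brand name that
    appears in the hostname while the link really belongs to another domain."""
    # Links pasted into chat often lack a scheme; urlsplit needs '//' to see a host.
    if "//" not in url:
        url = "//" + url
    host = urlsplit(url).hostname or ""
    owner = registrable_domain(host)
    labels = host.split(".")
    hits = []
    for brand, legit in BRANDS.items():
        # Substring match also catches labels such as "myspace-login";
        # it can over-match short brand names, so treat hits as warnings.
        if owner != legit and any(brand in label for label in labels):
            hits.append((brand, owner))
    return hits


if __name__ == "__main__":
    # Constructed samples; the second hostname is the one quoted in the thread.
    for link in ("https://www.myspace.com/profile",
                 "http://www.ebay.mactalk.cheese.com/",
                 "profile.myspace.login-example.com.au"):
        print(link, "->", check_link(link) or "no brand mismatch")
```

Browsers read ownership from the right-hand end of the hostname, which is why everything to the left of the registrable domain can be chosen freely by whoever controls it.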

Wally
9th September 2007, 09:26 AM
Shouldn't this be reported to Apple?

MrJesseRoss
9th September 2007, 09:42 AM
The first message that linked you - it wasn't from an AOL/AIM address was it?

I don't trust anything that comes through on AOL. There's so much spam flying around that service. I've had the occasional message come through from people I don't recognise, with links attached. When I respond ("who the hell are you?") they often have no idea, and never sent the message in the first place.

Basically, there's weird stuff on AOL.

(If it wasn't AOL, disregard this.)

Squozen
9th September 2007, 10:02 AM
You probably just needed to rebuild Spotlight's index...?

I hope now that you've reformatted your machine, you've created two accounts, an admin one and a standard user account, so you can't break anything while you're clicking random links. :D

Phase
9th September 2007, 10:14 AM
> The first message that linked you - it wasn't from an AOL/AIM address was it?
>
> I don't trust anything that comes through on AOL. There's so much spam flying around that service. I've had the occasional message come through from people I don't recognise, with links attached. When I respond ("who the hell are you?") they often have no idea, and never sent the message in the first place.
>
> Basically, there's weird stuff on AOL.
>
> (If it wasn't AOL, disregard this.)

Oddly enough it was from an AOL account, or at least the first chat opening was, after that it was mainly @hotmail accounts.

Fair to say I'll just end up blocking unknowns from here on in =/

Phase
9th September 2007, 10:17 AM
> You probably just needed to rebuild Spotlight's index...?
>
> I hope now that you've reformatted your machine, you've created two accounts, an admin one and a standard user account, so you can't break anything while you're clicking random links. :D

I tried to rebuild the index, but it hung for about 5 mins, beach balling, then said it was done.
With nothing to show.

As for the accounts, not a bad idea.

I should probably mention that I just reformatted less than 3 days ago, so apart from the OS X update bandwidth, I didn't really mind save for the time factor.

Currawong
9th September 2007, 01:03 PM
Sounds like someone, somewhere, managed to write a script that stuffed up your machine. Would be interesting to know what the url was.

SilverJ
9th September 2007, 03:16 PM
Before you formatted you should have gone into url history of your browser and got the url from there...

Phase
9th September 2007, 03:30 PM
> Before you formatted you should have gone into url history of your browser and got the url from there...

I copied it into a text file, onto an external drive. I'm planning on filling out a report to send to Fruit when I get home.

forgie
9th September 2007, 03:34 PM
Did you have 'Open "Safe" files after downloading' enabled? It would be good to know if there were any files on your desktop that Safari deemed "safe" and automatically opened.

I remember when the "safe files" vulnerability came up 12 (? not sure) months ago, I (and a few others) were pretty pissed that Apple didn't fix the underlying problem, instead relying on a relatively insecure "safe check".

Hopefully there'll be a real exploit of the vulnerability, and Apple can get off their ass and fix the problem properly.

MacDave
9th September 2007, 03:36 PM
> Sounds like someone, somewhere, managed to write a script that stuffed up your machine. Would be interesting to know what the url was.

There was a Safari exploit that Danamania started a thread on several months back here on MTAU. The short story is, always disable Safari's "Open Safe Files After Downloading" in its General preference pane.

Dave