<br />
<b>Warning</b>:  mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in <b>D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php</b> on line <b>21</b><br />
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connectionsPath: ...!2.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: misc.phone.mobile.iphone
Subject: Re: Are iPhones subject to ransomware attacks?
Date: 15 Mar 2024 22:18:48 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 96
Message-ID: <l5jvq8Fj8sdU1@mid.individual.net>
References: <ut26gf$2e534$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: individual.net o5RyJ/T54OqQ/kAulcfwmw6ON7pySgTRJ7c1lpMg4DUY2jnGhS
Cancel-Lock: sha1:I+m5AVSntoMdfZ4S9W+L6ROh1Gk= sha256:2PhRV2Lon1LMQUTn0gMnn43ziFtZHsBtf4w3AVPT7jI=
Mail-Copies-To: nobody
X-Face: _.g>n!a$f3/H3jA]>9pN55*5<`}Tud57>1<n@LQ!aZ7vLO_nWbK~@T'XIS0,oAJcU.qLM
 dk/j8Udo?O"o9B9Jyx+ez2:B<nx(k3EdHnTvB]'eoVaR495,Rv~/vPa[e^JI+^h5Zk*i`Q;ezqDW<
 ZFs6kmAJWZjOH\8[$$7jm,Ogw3C_%QM'|H6nygNGhhl+@}n30Nz(^vWo@h>Y%b|b-Y~()~\t,LZ3e
 up1/bO{=-)
User-Agent: slrn/1.0.3 (Darwin)
Bytes: 5459

On 2024-03-15, <bp@www.zefox.net> <bp@www.zefox.net> wrote:
>
> A neighbor asked me for help with an iMac that had fallen victim to 
> a ransmomware attack ("this computer has been locked, call the number 
> below...."). 

To be successfully attacked by malware, a Mac user must interactively
download the malware to their computer, interactively launch it from
their ~/Downloads folder, and interactively enter administrator
credentials when prompted. If your neighbor didn't do all of that, then
they probably aren't actually infected. A website displaying a message
saying your are infected doesn't mean you actually are - it's more
likely just an ad pop-up message trying to trick you into downloading
some piece of software that actually *is* malware - a very common thing
on shady websites.

Your neighbor probably isn't running an ad blocker (like 1Blocker, or AdGuard)
which would have prevented them from seeing this scam while visiting the
offending website in the first place.

To verify there is no malware installed, have them download MalwareBytes
(the free version is all they need) and run it. It will tell them if it
finds anything nefarious installed.

They should also learn from this experience and change their behavior
accordingly:

As long as you use *safe computing practices*, you really don't need to
worry much about Mac malware. Here are some common sense safe computing
practices everyone should follow:

- always install security updates in a timely manner after they are
  released

- always run an ad blocker (like 1Blocker, AdGuard, or AdBlock Plus) in
  your web browser so that you won't see distracting advertising as well
  as unsolicited pop-up windows that claim you are somehow "infected” or
  "missing some video software" and therefore need to download and
  install some piece of untrusted software on your computer to fix some
  supposed "problem” they supposedly "detected" - and if you do still
  see these, don't fall for them as they are obvious scams

- always refrain from downloading and installing software from untrusted
  sources - instead go directly to the software maker's website or to
  the official App Store

> I'm left wondering if iPhones are subject to similar attacks, since 
> they offer most of the services found on desktop computers including 
> browsers.

You are nowhere near as likely to fall victim to such malware on iPhones
due to the enhanced security protections on them. While a Mac is
considered a general computing device, an iPhone is much more locked
down due to it being more of an appliance.

As such, all apps on iOS devices are sandboxed which means they cannot
access the file system outside of their own app sandbox, or data in
other apps, or system data, or even things like the camera or microphone
without getting explicit permission from the operating system and the
owner of the device. 

This means there is no way for a so-called antivirus program to scan for
malware. It also means there is no way for malware to access other apps
or the system. And that means there is no need for antivirus utilities
in the first place. So-called “antivirus” and “security” apps for iPhone
don’t actually scan the device for malware — instead, they try to
convince you to purchase additional and unrelated software and services
like VPNs. It’s best to avoid these apps, as they are essentially
worthless.

> The subject computer was reasonably up-to-date and only a couple years
> old. The hijack was during an attempt to connect to MapQuest using the
> Safari browser.

What your neighbor saw was probably just a nefarious "ad" displayed by
the website. That "ad" was trying to trick them into downloading
malware. This is very common, and an ad blocker will remove such
annoyances.

> The screen seemed locked and I  didn't know how to recover control.

It was probably just a web browser window that was full screen. Force
quitting the browser would fix that situation.

And certainly force shutting down the computer by holding down the power
button for 10 seconds would do the trick.

> Thanks for reading, and apologies if this is a dumb question!

Nah!

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR