- May 28, 2007
- 15,995
- 1,688
- 126
So my mom was surfing the net with a macbook air (late 2014) and points Safari to a website that crashes the browser and sends a pop up window with a "Apple Support" phone number. She tells my dad, and he calls the number, and the guy convinces him to let him remote into the machine to "fix the problem". The guy force-quits Safari, relaunches, copies the serial number and points Safari to the apple support site, and pastes in the serial number and shows my dad that the 90 day support has expired. Tells my dad that he can sign up for another year of tech support. Thankfully, my dad insists on calling his son first, and I shut the whole thing down.
I'm not too worried about the initial attack that crashed Safari, I'm sure it's just a compromised website. I'm much more worried that this guy remoted into the system. I told my dad to wipe the HDD and start over, but then I kind of pulled back a bit, went into the machine and opened up activity monitor. I couldn't find anything that looked suspicious. Nothing was sending or receiving packets, no weird processes running, nothing weird loaded into memory.
I updated to the latest version of OSX, and right now I'm running a time machine backup (I know this won't help if the machine is infected, but just in case it's not now and gets infected later, it will be a much easier sell to go back to an earlier state.) I'm also going to disable flash. I told them to let me know if anything weird happens.
Am I wrong here? Am I taking a big risk by not wiping the hard drive? Anything else I can do to check if the system is infected?
I'm not too worried about the initial attack that crashed Safari, I'm sure it's just a compromised website. I'm much more worried that this guy remoted into the system. I told my dad to wipe the HDD and start over, but then I kind of pulled back a bit, went into the machine and opened up activity monitor. I couldn't find anything that looked suspicious. Nothing was sending or receiving packets, no weird processes running, nothing weird loaded into memory.
I updated to the latest version of OSX, and right now I'm running a time machine backup (I know this won't help if the machine is infected, but just in case it's not now and gets infected later, it will be a much easier sell to go back to an earlier state.) I'm also going to disable flash. I told them to let me know if anything weird happens.
Am I wrong here? Am I taking a big risk by not wiping the hard drive? Anything else I can do to check if the system is infected?
Facebook
Twitter