An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#42162 - 10/16/16 08:39 AM Website tried to download then this happened
Bensheim Offline


Registered: 08/16/09
Loc: UK
On a KNITTING website, of all places.

A pop up allegedly from Adobe Flash, tried to download an update. I declined the request. As I watched, up came a screen telling me where to put the "download". Then a "warning" from "Apple" that this Mac has been infected and I should phone a number.

Firefox history shows the trail: this one shows against "Official Apple Support"

http://systemuseasurement.club/........www.knittingpatterncentral.com

Shall I tell Knitting Pattern Central that their site contains potentially malicious bugs, or not bother?

There was no download, in case you're wondering. Either I stopped it or it was a scare tactic.

Top
#42163 - 10/16/16 11:05 AM Re: Website tried to download then this happened [Re: Bensheim]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Originally Posted By: Bensheim
... Shall I tell Knitting Pattern Central that their site contains potentially malicious bugs ... ? ...


Yes
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.15.2, iPhone X & iPadPro 11 WiFi, Watch4

Top
#42187 - 10/17/16 08:38 AM Re: Website tried to download then this happened [Re: pbGuy]
Bensheim Offline


Registered: 08/16/09
Loc: UK
The email address provided under Contact Us on their website does not exist. My attempt to warn them bounced back.

So much for trying to help people. confused

Top
#42189 - 10/17/16 09:11 AM Re: Website tried to download then this happened [Re: Bensheim]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Your link is a redirect from another site and any malware such as you encountered may have come from any place along the reference chain and not necessarily from Knitting Pattern Central. But since my wife is a former knitter out of curiosity I Googled Knitting Pattern Central and had no problems browsing their site and encountered no malware or warnings. However, when I went to their Contact Me page I found the following notice...
Originally Posted By: Kintting Pattern Central Contact Me
Please do not write using a sbcglobal.net, att.net, earthlink.net, hotmail.com, or live.com email address. All of these email providers will currently not allow my replies through. If you have an alternate gmail.com or yahoo.com email address (etc) please use it instead. Thank you!!

The only reason I can think of that might cause sbcglobal, att, earthlink, etc. to block an email address is because it has been associated with spam or malware. The event triggering the block may, or may not, have happened with the knowledge and consent of the site owner/operator or it could have been a relatively innocent mistake such as sending an email to too many addressees (that can result in a site being blocked as a suspected spammer), but it would make me suspicious and wary of anything downloaded from such a site. ☹️
_________________________
joemikeb • moderator

Top
#42255 - 10/24/16 07:36 AM Re: Website tried to download then this happened [Re: Bensheim]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Bensheim
The email address provided under Contact Us on their website does not exist. My attempt to warn them bounced back.

So much for trying to help people. confused

That's not an accident. The professional fraudsters go through their list of bot-harvested vulnerable websites and try to contact the owners by any of the usual means. If they can, they pass. They'll only spend time hacking and infecting a website that's going to stay under their control for awhile, due to helpful people like you being unable to contact the owners to fix their broken crap page.
_________________________
I work for the Department of Redundancy Department

Top
#42271 - 10/24/16 11:43 AM Re: Website tried to download then this happened [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
It looks to me like the popup you saw was not a compromise of Knitting Pattern Central. Instead, that site uses a third party ad network, and the ad network allowed a poisoned ad through.

The Contact page lists a gmail address, but the Privacy Policy page lists another address: contact (at) knittingpatterncentral (dot) com
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top

Moderator:  alternaut, dianne, MacManiac