“Your Apple Computer has been blocked” web popup – How to block the site


malware

If your browser has popped up a little window that says your “Apple Computer has been blocked” and asks you to call a number so that the problem can be fixed.

First

DO NOT CALL THE NUMBER

COUNT TO TEN, CALM DOWN – your blood will run cold, but it is easier to deal with this calmly

I will summarise the steps and then go through them in more detail

  • make a note of the url – e.g. http://www.somecontaminatedserver.com?referred=someotherplace.com
  • close your browser by going to menu -> Safari -> Quit Safari
  • edit your hosts file to set that url to your loopback ip address
  • flush the dnscache
  • open your browser, but DO NOT open closed windows
  • flush your browser cache
  • do a complete virus scan of your computer

Make a Note of the URL

This appears in the top of your browser – simply click in the browser panel, select all, copy and paste into a text editor

Close the Browser

You may lose whatever web pages you were looking at – but that’s tough – better to be safe than sorry

Edit your hosts file

be very careful how you do this, possibly even take a backup of this file first, so

sudo cp /etc/hosts /etc/hosts.old (you will be prompted to enter your password)

sudo vi /etc/hosts (you will be prompted to enter your password)

add a new line to the bottom of the file which is basically

127.0.0.1     <hostname part of url>

so for http://www.somecontaminatedserver.com?referred=someotherplace.com

you are only interested in this part http://www.somecontaminatedserver.com?referred=someotherplace.com

Therefore your entry will be

127.0.0.1    somecontaminatedserver.com

if there is a referral line then you may also want to block the referrer

in our example the referrer is http://www.somecontaminatedserver.com?referred=someotherplace.com

so add another entry so that our /etc/hosts file has two new lines at the bottom

127.0.0.1    somecontaminatedserver.com

127.0.0.1    someotherplace.com

Save the File and clear the dnscache

dscacheutil -flushcache

Flush your Browser Cache

Open Browser

From the menu select History -> Clear History

Clear the history going back over the period when you noticed the warning popup

No, if you inadvertently click on a link that takes you to the contaminated site, your mac will instead look to your own local server. If you don’t have a local server running (which you won’t if you are not developing websites locally) then the page will do nothing.

Scan for Viruses

Open the virus scanner of choice

Do a complete scan – better safe than sorry

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s