How to get rid of phishing software?
September 13, 2011 6:37 PM   Subscribe

Is someone scamming me? [Mac spyware filter]

My friend borrowed my computer, and while she was out getting coffee some strange dude came into the shop and asked if he could charge his cell phone on the laptop using a USB port. She let him! My immediate thought was "oh god spyware scam." Now Google says my computer "may be sending automatic traffic." I ran MacScan (it's an old Powerbook G4) but nothing turned up. Silly me, I hadn't set save points yet so I can't turn back time either. What did this guy do to my computer? How can I protect myself?
posted by fritillary to Computers & Internet (15 answers total) 2 users marked this as a favorite
When you say "Google" do you mean Google Chrome, the web browser?
posted by Blazecock Pileon at 6:45 PM on September 13, 2011

Best answer: Macs do not autorun things on USB storage devices, so he would have had to do something further to do any infection.

Google gives me that message sometimes, it is not necessarily indicative of anything suspicious.

Try something like Little Snitch?
posted by trevyn at 6:52 PM on September 13, 2011 [1 favorite]

Are you still at the coffee shop when you get this message? It appears the message pops up when any computer on your network does it, which if you're still at the coffee shop could mean another computer there, I suppose.
posted by sharkfu at 6:55 PM on September 13, 2011

If this were me I wouldn't stress about it much at all. Without your admin password there is little damage he could do in a short time, especially if he was being watched. If I'm wrong you'll make the news.

You joked about "save points," but you do realize this is exactly what Time Machine is, right? I create save points before every software install or Software Update run. If I don't like something or I just want it gone I roll back to the save point. It's a good thing to do.
posted by cjorgensen at 7:14 PM on September 13, 2011

Response by poster: No, I'm on Safari. She said the message popped up at the shop when she tried to do a google search, and now I'm at home and it is appearing for me. I've never seen it before. Roommates are having no issue with their computers, we all share the same wi-fi. So you think he really just wanted to charge his phone?
posted by fritillary at 8:02 PM on September 13, 2011

You might want to post the exact error message you are seeing. It may possibly just be a coincidence, and almost sounds like the warning message browsers give after their settings are reset to factory (eg. When submitting a form "You're about to send information...bla bla"). This could be a case where your friend may have accidently reset the browser.
posted by samsara at 8:15 PM on September 13, 2011

I hope the guy who asked to use the usb was cute at least! Does it show up when you use another search engine? What if you google the message you are getting from google?
posted by JohnnyGunn at 8:21 PM on September 13, 2011

Best answer: Try not to be overly paranoid. They were just wanting an electrical recharge on their cell. You can't hack a Mac via a USB connection. It's extremely unlikely especially using a cell phone unless you are uber-James Bond or something, and even then probably impossible.
posted by diode at 8:51 PM on September 13, 2011 [3 favorites]

Are you both doing the search direct from Google itself? I occasionally get that message when using the inbuilt Google search on a particular website ( being one example) even if I'm ticking "search WWW' and not just searching that website. But it's fine if I do the search from Google itself.
posted by andraste at 9:01 PM on September 13, 2011

Best answer: The message you are getting is what Google does if it detects too many searches in too small of a time frame. Someone on the network could've been running some SEO software that will cause this (I've experienced it when doing machine keyword searches myself). I seriously doubt it was your machine.
posted by chrisfromthelc at 9:23 PM on September 13, 2011 [1 favorite]

Response by poster: The message is the one sharkfu posted. Thanks for the advice everyone. I'll settle down!
posted by fritillary at 9:35 PM on September 13, 2011

Macs can be infected by a variety of viruses. I worked in a University environment heavy in Macs and I am here to tell you that your computer can be infected. Is your friend very sure that the person who plugged the device in did not click on something in the finder in the five seconds she was maybe looking somewhere else? Probably not would be my guess.

You could use an anti-virus product like Sophos but a good root could easily bypass it. Transfer all your documents to an external temporary drive (not your Applications). Reformat and reinstall the OS to be certain. The Google message is not necessarily anything to worry about. The guy at the coffee shop is who plugged a device into your machine is something to worry about. Maybe he was just charging his iPod. Maybe he is waiting right now for you to type your password in on your bank account.

Backup . Wipe . Restore (just documents).
And never let your friend borrow your computer again.
posted by Poet_Lariat at 1:30 AM on September 14, 2011

If there were no admin password he could very easily have installed some app that may be anything from a key logger to a program that will use your Mac to become part of some diabolical scheme to take over the world. Wipe and restoring everything except apps and docs could leave you in the same situation... Take a look at recent items under the Apple menu and see if there are any apps that don't look familiar. You can also look at the installer logs in the Console.
posted by Gungho at 7:18 AM on September 14, 2011

Best answer: an old Powerbook G4 utilizes a processor chip that is fairly unique to Apple and Apple software (the "PPC" or PowerPC chip from Motorola - these days Apple uses Intel chips, similar to what are used in Windows machines and therefore there is some commonality). Highly unlikely that someone would have spyware at the ready for such outdated and unique chip hardware.

Also, just the act of plugging in a USB device to hardware that old would not auto-install software. If he plugged in the phone and then asked to use the computer and spent some time on it, then I'd be worried as all hell.

Systems that old would take a concerted effort to install any sort of software, and again, would likely have had to have this person sitting at the keyboard for a period of time to install it.

Still, though, it is good of you to check out your system anyway just to be on the safe side!
posted by kuppajava at 8:28 AM on September 15, 2011

Macs can be infected by a variety of viruses. I worked in a University environment heavy in Macs and I am here to tell you that your computer can be infected.

Total and utter crap.

There are zero Mac OS X viruses. None. If you can find a cite for your claim that a Mac has ever gotten a virus I'd love to see it.

There has been some Malware out there, but that requires the interaction of idiots.

My lazy cites:

I've been working with Macs since 1987 and professionally for over a decade. The last time I saw a Mac virus was on a floppy disc and predated OS X by a decade. There is absolutely no reason to install virus software on a Mac unless you are blindly passing along files to a PC.
posted by cjorgensen at 7:43 PM on September 15, 2011

« Older Can I get prescription lenses put into New...   |   Where can I go to recharge? Newer »
This thread is closed to new comments.