Hi phil4u2
Shame you deleted the files. If the html file was edited, that does suggest more than a 'click-on-a-link-download-a-file' thing in Safari. By default, the Windows sharing on the Mac shares home directories and ~/Desktop folders (if I remember right).

How about this scenario:
- you have Windows sharing on all the time (this and the Mac filesharing is a security hole)
- your Mac is connected directly to a WiFi network (no router to act as hardware firewall)
- your firewall is not always on, or is on and has the filesharing ports open (as normal)
- a PC on the same network (either at work or at home, in a coffee shop etc) has access to your username/password (eg a friend who you once shared files with)
- that PC has a virus/trojan/spyware whatever, and found the html file on your fileshare and altered it.

This theory would require a PC with access to your username/password, or infected with a malicious program which used brute force to guess your password.

Another option would be - did you upload this html file / site up to a web server hosted somewhere? It could have been infected there, and you downloaded it back to update it and then noticed the html file had been changed... possible?

My suggestions for you are:
- turn off all filesharing, then there is no way intruders can get to your files. It's easy to turn on/off, so just enable it when you are actually sharing files.
- look through the logs, just in case you can see anything unusual - use the Console.app
- next time, don't delete the files. 'exe' files are harmless to you, and it might help sort out what happened.
- change your password NOW just in case. Make it a complicated one, no real words and a mixture of upper/lower case and maybe a couple of symbols for good measure.

If you are feeling paranoid, try looking up Snort - it detects unusual / malicious network activity and will warn you about it.

Good luck, and relax - you are on a Mac!

chris
Thank you for that answer Chris.
I already did almost all that you said. The first thing I did was to change my password. (Now I'll have to remember it...:o ) Filesharing is now OFF.

I looked through the logs and found something strange:

Code:
*** Zero check failed in /Users/thecat/Desktop/DVDBACKUP

I will check out SNORT.

Before I deleted the infected files (actually, I deleted the whole folder), I went to the ftp server and checked the uploaded files. They were/are intact.
Quote:
Code:
% strings MacTheRipper.app/Contents/MacOS/MacTheRipper | grep -i "thecat"
Quote:
The only logical explanation is that something happened, you just don't know what.