4

I went to the web address (hxxp://www.asanka.com) (WARNING: BE CAREFUL WHEN VISITING) on Safari, then suddenly I got a warning message [image below]

What do I do? I'm freaked out. I have a lot of personal stuff on my Mac that I don't want anyone to see.

Edit: in response to @Freedom

enter image description here

I believe when I clicked Ok which is when those messages appear.

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
M.S.E
  • 143
  • 1
  • 7

3 Answers3

5

I think it's just a scary tactic from the site to make you download something that can be just an annoying adware to a very bad malware. It can be also a common method called Clickjacking where a user is tricked into clicking something which will then execute a malicious action or start a malicious download.

Do you have any AV on your OS? Did your browser downloaded anything automatically?

If you have AV and haven't downloaded anything I would say you are safe. Just ignore this kind of messages.

They are just a scary tactic, no different than messages like " you just won $1000 dollars" or pop-ups saying you are "infected with a nasty virus" so ignore every message like that on websites: they are fake and aim to trick you to do something malicious.

But anyway since you are using Safari, I recommend this amazing open-source Blocker for Safari. I recommend going to its settings to add more lists to it. (Just don't use EasyList without element hiding rules‎ or Anti-ThirdpartySocial list since they can break lots of pages). While I'm doing recommendations I could say you should also use https everywhere.

It appears to be Safari specific, because when I visited it with other browsers I didn't see anything. However I still think this is a fake pop-up intended to lead you to download their software. Macupdate.com appears to be a store for apps for MAC.

I visited the website with my iPhone too and I couldn't reproduce what happened to you. I'm not sure why this but I would keep the usual : if nothing has being downloaded on your PC then ignore these "warnings".

Some useful tools if you happen to come to another websites like this one : Google Safety Report and VirusTotal.

Do not execute or open any file that you did not expected to download. Keep your browser updated and use ad-blocking software if possible.

Freedo
  • 2,253
  • 5
  • 18
  • 28
  • +1 Thank you for coming for my help. Antivirus? No, because I thought there is no need to use an AV on a Mac, I used to scan a lot when I was using windows. Now, I got scared and then I remembered there was a OS update of my Mac os, so now I am updating my OS so that hopefully bad stuff will get erased. – M.S.E Jul 12 '15 at 00:04
  • No website could scan all your pc to find a virus???? What do you mean? – M.S.E Jul 12 '15 at 00:04
  • No as far as I am aware nothing got downloaded. – M.S.E Jul 12 '15 at 00:06
  • I use safari. Really? :o – M.S.E Jul 12 '15 at 00:28
  • I visited the page again from my iPad Safari. Now it shows a fake Apple store O.o weird how it keeps changing all the time. – M.S.E Jul 12 '15 at 00:29
  • That is interesting, I get something else. Check my question body, I revisited the website bravely (this time) and took a screenshot. But this time Im not brave enough to hit Ok. So I can't show the rest – M.S.E Jul 12 '15 at 01:04
  • @Freedom I agree with OP. Visited it by myself. – The Artist Jul 12 '15 at 01:06
2

No, you are not necessarily infected yet just by seeing that warning message. The website you have visited is compromised and is trying to perform a drive-by download attack which consists in installing malware on your computer without your consent (you can not see anything wrong happening on your machine during the installation process) or -which is your current case- with your consent BUT without understanding what you are doing because, obviously, a simple click on the Ok or Cancel buttons of any warning message, or even closing the window warning message, will trigger the drive-by download attack by exploiting the vulnerabilities of your browser.

What can you do then ? drive-by download attacks can happen by a simple visit to a compromised website (there comes the notion drive-by), but in your case a simple visit is rather trigger by clickjacking. So in the case you clicked to close the button or on the OK inner button then you must disconnect from Internet and run a full scan of your operating system.

Note that clicking on that button does not either that you are necessarily attacked: if the browser vulnerability the attack exploits is not present within your browser then you are lucky (so you guess it is rather a matter of probability often, and if you have been keeping your browser and OS up-to-date then there is a big chance nothing happened to your machine after all even after you clicked).

In all cases, disconnect from Internet and scan your machine. After connecting back, you can also check to your network traffic in case your anti-virus did not succeed to detect the presence of an installed malware (in the most pessimist case)

0

Don't forget to clear your browser cache too.
Also, if you have any saved passwords in Safari, clear them and change your passwords asap.

As the other guys mentioned it looks a lot like clickjacking. If you want to know more about how that works, check out BeEF. Browser Exploitation Framework.
There's tons of good videos on youtube demonstrating it in action.

There are some really good extensions for Chrome that help prevent malicious attacks, though i'm not sure if they're available for Safari.

  • Netcraft
  • No Script
  • HTTPS Everywhere
  • Ghostery
  • Ublock Origin
16b7195abb140a3929bbc322d1c6f1
  • 3,334
  • 4
  • 15
  • 20