Mac Users Face Increased Ransomware Threats

Apple Inc. has a reputation for building secure devices, but don’t become too complacent because ransomware threats to Mac users are on the rise.

While ransomware attacks against Microsoft Windows-based computers and servers remain far more prevalent, security researchers have detected new Mac threats in recent years and expect to see new threats in the future. Here’s a quick look at three forms of ransomware that are known to target Mac users:

KeRanger disguises itself as a popular application
Imagine this: You go to download a copy of Transmission, the popular torrent download application, only to find that it infects your computer with ransomware. That’s what happened to more than 7,000 Mac users in 2016 after cybercriminals hacked into the Transmission website and implanted KeRanger—ransomware that targets Mac OS X—into the downloads. The downloads were stamped with the official Transmission developer certificate so Gatekeeper, the Mac function that validates applications, was easily fooled.

The ransomware was hidden inside a file called general.rtf and was designed to wait three days before encrypting user data. After encrypting files, the malicious software displayed a ransom note demanding one bitcoin. The ransomware installer has since been removed from Transmission’s website.

Think you’re fixing apps with Patcher? Think again
Patcher disguises itself as a patching tool for well-known apps like Adobe Premiere Pro and Microsoft Office. The ransomware, which has been downloaded via BitTorrent, is so poorly designed that even the malware’s creators are unable to supply decryption keys to victims who pay the ransom.

Patcher stores important files, documents, pictures and other media in an encrypted .zip file and deletes the original data. It then attempts to wipe the free space on the drive so that disk recovery tools will be ineffective. Patcher concludes by scattering copies of “README!.txt” in the victim’s document and picture folders. The README! file contains ransom payment instructions.

FindZip makes you hunt for decryption keys
Much like Patcher, FindZip ransomware attacks Mac users by copying important files into an encrypted .zip file and deleting the original data. FindZip, which is also known as Filecoder, has no decryption capabilities so victims who pay the ransom will not be able to recover their data. The good news is that you can discover the decryption keys by comparing an unencrypted file to an encrypted one. Avast has created a tool that automates the process of discovering the keys and decrypting files.

Protect your Mac from ransomware
Mac users are clearly not free from the threat of ransomware. While not at epidemic proportions, ransomware attacks against Macs have seen widespread success by breaking into systems that were assumed secure. Fortunately, users today have access to a variety of backup options. You can add an extra layer of protection to your Mac computer by stepping beyond the Apple ecosystem of Time Machine nearline backups and iCloud synchronization and embracing a third-party cloud backup solution.


Buying or Selling? An Investigation into Craigslist Scams

It seems no matter where you turn, someone is waiting to rip you off. Our inboxes drown in spam and phishing messages that attempt to discover bank account information or account credentials. A large percentage of the banner ads on social networking sites advertise various get rich schemes designed to take money from those tempted by their fantastic claims. It seems that everywhere we look there is a scam. Craigslist, a popular classified advertising website, is a great resource for both buyers and sellers. However, it has its fair share of nefarious individuals committing scams too. This is the report on an investigation of two scams I recently uncovered on Craigslist.

When I recently decided to upgrade my MacBook laptop, I thought it would be easiest to purchase a used one locally on Craigslist. Craigslist is free to use and has become immensely popular for the local exchange of goods and services, but it was not designed to protect users from online transaction fraud. I listed my old laptop and searched for a newer one on Craigslist and found scams on both fronts.  I pursued the scams so that I could gain the inside scoop on how they operate to help you avoid these traps and keep your hard-earned money.

The seller’s scam:

I saw a MacBook for sale and the ad read “15 – MacBook Pro 8GB RAM/Wi-Fi must sell ASAP – $600.”  There was not much information on the MacBook except that they needed to sell it quickly and to contact them for more details.  I politely responded to the ad to request more information on the laptop and asked some specific questions regarding the processor type and so forth.  I received a reply the next day as depicted below along with several pictures of the MacBook on a kitchen counter with a lady’s hand holding it.


Scammers know that the small things build trust and make buyers more comfortable.  First, they did not reply right away.  They waited a day to make it feel like I was communicating with a person who had a day job.  Second, the pictures were not stock photos but very natural, unprofessional pictures designed to prove that the MacBook was in their possession and that they were just a typical seller.

Hi, I am getting back to you regarding the 15″ MacBook PRO from Craigslist My name is Emily and I am now in Vancouver, BC, Canada. The MacBook is still available and I hope you are still interested.I am selling the MacBook for $600 USD. I have attached some pics with it to this email. It’s 2.50 GHZ i7, has 8 GB of RAM, 1 GB of Video Memory and 256 GB SSD (works 5 times faster as a normal HD) of storage. The MacBook was bought brand new from Apple a couple of months ago. About the MacBook I can say it’s in perfect shape, as I used it only for a few weeks. Included in the $600 price is everything that came with the MacBook PRO and also the warranty papers. I tried to be as thorough as I could with the presentation so you can have all the info if you decide to go ahead and buy it. So what do you think? Do you want my MacBook? Thanks, Emily

The language of the introductory email is very casual.  The sentence about trying to be as thorough as possible gives the email a feeling of honesty and genuineness while informing you that the item is now in Canada, so there is not a possibility for a local trade, the primary reason for using Craigslist.

I replied to the email simply asking how she wanted to conduct the sale.  I expected that the seller would suggest that I use PayPal and then tell me all about the “buyer protection.”  Buyer protection is mainly intended for eBay transactions, and a crafty seller can send an invoice with very little information so that PayPal investigations will have a difficult time determining whether the terms of the agreement were met and whether payment is justified.

I was considering possible safe methods of performing this sale, and I came up with two ideas.  The first would be to use an escrow service which is a trusted third party to the exchange that retains both the product and the money, delivering the product once the money is paid to the escrow service and paying the money to the seller once the buyer declares the goods to be satisfactory.  The second option would be for the seller to ship the item to someone local so that the sale could be completed locally with cash.

The next afternoon I received an email from the seller as follows:

I was checking for a way to make the exchange from here to you in the US and I came across this option, which is a very good way to make this exchange. It’s provide by a company called Interparcel and it will help us with this transaction. They seem designed specifically for internet transactions, they handle both the payment and delivery part of this transaction. They seem pretty nice and trustworthy and they provide a service that we can use for our exchange. The link below is from Interparcel website and it explains their procedure. Please check the link and the procedure and let me know if you agree to the terms. With this procedure Interparcel will deliver the macbook to you, receive your payment and I will receive the payment for the macbook only after you instruct them to do so. I will pay the shipping. Let me know if we can proceed. Thanks, Emily.

I was surprised by this email because she suggested using an escrow service which would seem to be a safe way for me to purchase the laptop but I was also well aware of the various fake escrow scams out there, so I did some research.  You can use Escrow Fraud’s search to determine if an escrow service is legitimate.  I researched Interparcel, and it seemed like a reputable escrow service so I told her that this would be acceptable, and she said she would drop it off with Interparcel in a few days.  I later received this message from her.

I sent the macbook earlier today. The clerk from Interparcel said that they will inspect the macbook and then send you the invoice. Please add to your email address book in order to guarantee the delivery of their emails to your inbox. Thanks, Emily.

Note the red flags in this message. First, she asks me to add to my address book. That would seem odd for someone who is not familiar with their services. Second, the email address does not seem like one that would be used by Interparcel. “Customer service” is a term I might expect or “sales” but not “customer department.” The email address is also not from Interparcel. Usually, a company will own a domain name, and they may use subdomains for individual sites or email domains. The subdomains, however, will have a period between the domain name and the subdomain. If this were an Interparcel email, the address would have been

Searching Google, Yahoo and Bing for did not return a web site and a whois search on the domain was full of ***** values seen here with the exception of a location listed as Nobby Beach in Australia.  A reputable company would provide their business name and some information in these fields.  You can also see that the site was only registered on May 22, 2012, so this is a brand new web site, and it expires in 1 year.  Most companies have had a web presence for quite some time, and they typically renew their domain names for multiple years.  If you receive an email from a company, and you do not find information in the whois or if you see that it was registered in the last year, consider it another red flag.


An email allegedly from Interparcel arrived later in the day, but it was from  A whois search of provided similar information with the exception that this one was registered in Panama.


As you can see, the invoice allegedly from Interparcel looks quite good. It is, in fact, just a message made to look like an Interparcel invoice. The red flag in this message is seen on page 2 where, rather than paying to Interparcel, they want you to make a wire payment to some “agent” named Jacob Mansell. Second, they want the wire payment to be made through Western Union. There is no way to get your money back after you send it through Western Union, and Western Union is not one of the payment methods listed on Interparcel’s web site, so it is clear that this is a scam. No item would ever be sent out after payment was sent but the scammer did her best to try to make it seem like she was honest and legitimate. If you do use an escrow service, call the company to verify that the escrow invoice is valid and do not enter personal financial information into their web site. Use a service that you already trust to pay the escrow.

The buyer’s scam:

The “buyer’s scam” is less sophisticated than the aforementioned “seller’s scam” and it seems that many more people are using it.  I listed my MacBook for sale on Craigslist and received text messages and emails within an hour of posting the item.  They would ask if the item was for sale and after I replied that it was, they would send me a template message with some reason for me to ship the item to another place rather than sell it locally.  Here are some examples:

Scammer: Thanks.  Sounds good.  All I need is your full support and trust ok.  I am not local as you can see from my phone number.  I am from New York and I am buying this as a gift for my fiancé Alex Matthew.  He just got a transfer from here in New York to (FAAN) Federal Air Authority in Nigeria.  I want it shipped via USPS express Air Mail for delivery only if you can assure me that it is in good working condition.  I am offering you $500 for the item and $100 for the shipping.

Me: The item is for local pickup only, cash only.

Scammer: Yea.  I understand.  Really but you don’t have anything to fear because I am going to make the payment upfront and you will get an alert to very my payment and PayPal works as cash of course.  When you receive the payment confirmation you can mail the item to my address.  Please.  I really need this from you okay…Thanks.

Another Scammer:

Alright.  I am John Henry and I work in the RIAA (Recording Industry Association of America)  I live in Nacogdoches, TX and I would love to come and pick this up and pay in cash but I have been transferred out of town  to represent a firm outside the city and I would like to purchase this for my brother schooling overseas.  I am willing to offer you $100 extra for the shipping.  Do you have a PayPal account?

The mention of Nigeria in the first message is a red flag since many internet scams originate in that country. I also did a search on the phone number and found a lot of people talking about how this person had ripped them off for considerable sums of money. After discussing for a bit, I sent an invoice to the email address provided and waited. It is a good practice to Google the phone number of someone wanting to purchase an item from you. allows people to post about the numbers in its database so you can find out if others have been ripped off from this phone number. Here is a snippet from the results of the number I searched for on


The scammer then sent a fake PayPal email to me stating that I had received a payment as can be seen below. First, the email address is not even close to a PayPal address. PayPal confirmations are sent from  Some scammers are more sophisticated and will use an address like  Since the email address is long, some email programs will only show the first part, so it looks like  This one was obviously a fake, but some scammers will produce an email that looks just like the original.
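The sender-domain checks described above (the escrow look-alike address, the long PayPal-style address, and the whois dates) can be written as a short script. This is an added example, not part of the original article: the function names are hypothetical, `shipfast.example` and `payments.example` are constructed stand-ins for the impersonated companies, and the "seen" date is constructed.

```python
from datetime import date
from email.utils import parseaddr


def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From header ('' if none)."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def belongs_to(domain: str, org_domain: str) -> bool:
    """True only for org_domain itself or a dot-separated subdomain of it."""
    org = org_domain.rstrip(".").lower()
    return domain == org or domain.endswith("." + org)


def sender_flags(from_header: str, org_domain: str) -> list[str]:
    """Reasons to distrust a message that claims to come from org_domain."""
    domain = sender_domain(from_header)
    org = org_domain.rstrip(".").lower()
    brand = org.split(".")[0]
    if not domain:
        return ["no parsable sender address"]
    if belongs_to(domain, org):
        return []
    flags = [f"{domain} is not {org} or a subdomain of it"]
    if domain.startswith(org + "."):
        # Truncated in a narrow mail column, this displays as the real domain.
        flags.append("real domain used as the leading labels of another domain")
    elif brand in domain:
        flags.append("brand name embedded in an unrelated domain")
    return flags


def registration_flags(created: date, expires: date, seen: date) -> list[str]:
    """Whois date red flags: recent registration, one-year term."""
    flags = []
    if (seen - created).days < 365:
        flags.append("domain registered less than a year before the message")
    if (expires - created).days <= 366:
        flags.append("domain registered for one year only")
    return flags


# Constructed samples: a genuine subdomain, a hyphenated look-alike, and a
# long address whose first labels imitate the real domain.
SAMPLES = [
    ("ShipFast <invoices@mail.shipfast.example>", "shipfast.example"),
    ("ShipFast <support@shipfast-customerdepartment.example>", "shipfast.example"),
    ("Payments <service@payments.example.alerts-center.example>", "payments.example"),
]

if __name__ == "__main__":
    for header, org in SAMPLES:
        print(header, "->", sender_flags(header, org) or "ok")
    # Registration date from the article; expiry and seen dates constructed.
    print(registration_flags(date(2012, 5, 22), date(2013, 5, 22), date(2012, 6, 15)))
```

The comparison is on the domain after the last `@`, so a display name or a long left-hand side cannot make a foreign domain pass.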

To check if you have received PayPal funds, log into your PayPal account from another computer (just in case the one you are using is infected with code from the scammer) and check your PayPal balance to see if the money has been deposited.  Note how they marked seller protection as eligible.  If you ask about it, they will tell you how you are protected and this is added to bolster their claim, but there is nothing to protect because you have not actually received money.  The address is in Nigeria.  This is always a red flag.  They marked the address as confirmed so that you will assume that you can trust the address since PayPal evidently trusts it.


I told the seller that the money was not in my account, so they tried another scheme.  They sent me a message stating that the money was deducted from the merchant’s account but that it would not be available in my account until the shipment was received and it instructed me to mail the MacBook immediately.  You can see the second email here.


The same email address was used in this email clearly indicating that it is a fake message because PayPal does not operate this way. PayPal deposits the money in the account, and it is up to the seller to then ship the item, but they do not hold it pending receipt from the buyer.  I had to laugh when I saw the exclamation points added to the subject line clearly indicating that this scammer is not familiar with business communication norms.  At this point, I figured there was nothing more I could learn about the scam, so I just told the buyer that it had been sold locally and was no longer available.


So, what can we learn from all this?  Well, it pays to be a bit skeptical when buying things online.  Stick to local, cash only transactions when using Craigslist.  That is what it is meant for, and it is an excellent way to find a good deal.  Watch out for scams like those depicted in this article.  We’re all trying to find a good deal, but the old adage is still right.  “If it seems too good to be true, it probably is.”  If you have been the victim of fraud on Craigslist, contact your local police along with the links below.

Reporting Fraud:

Internet Crime Complaint Center (FBI, NW3C and BJA partnership)

FTC online complaint form

Ohio Attorney General Consumer Complaints

Mac Viruses

Apple’s recent ads talk about how there are no viruses written for
Mac. That statement is not entirely true. Viruses are released for
Mac. In 2005, 143 viruses targeted Macintosh computers. Compare this
with the 150,000 written for PCs and it does not sound bad but the
statement is still incorrect. By the way, if you want to view the new
Macintosh ads, go here.

Apple Displays with built in cameras

Apple recently patented a display that includes thousands of tiny image sensors that will allow the screen to act as a camera.  This will allow the user to look at the screen as images are taken and will change the way I see people in instant messaging conversations where the person always looks like they are staring above or below us depending on the position of their camera. 

Windows on the Mac Update

I got the latest Intel update for Mac OSX. It was about 150MB but now
I can see my NTFS partition for Windows within Mac OS. I am glad to
know that I can edit those files whenever I wish. I was about to try
to mount the volume from the Unix shell but it was there before I
could try. 🙂

Windows on a Mac

If you read the Wall Street Journal, you will know that on Wednesday,
Apple released software called Boot Camp that allows users of the
Intel processor Macintosh computers to dual boot with Windows XP and
Mac OSX. Naturally, this interested me. I downloaded the software
and repartitioned my drive, allocating 10GB for the Windows partition.
Next, I had to get a copy of Windows XP with SP2 already on it. I
had my class slipstream SP2 onto an installation disk so I was
prepared to slipstream it but Ian had a copy already so I just burned
the disk. I had my own CD key to use. The next step was to burn a CD
of drivers that would allow me to use the Mac features within Windows
XP. This also provides support for the Mac hardware including the
wireless Airport card, Bluetooth adapter, and other devices. After
that, I started the Windows XP install just as you normally would do on
a PC. The installation was the part that took the longest. After
installing, I updated to get all the latest patches, I joined it to my
domain and then installed a game to try out the graphics card.

The graphics adapter is amazingly adaptable. (no pun intended) I was
able to adjust the amount of system memory it uses. I have it using
256MB but I might decrease that. My entire system has 2GB of RAM in
it. My bottleneck is the GPU, not the RAM so the additional RAM is
not helpful. I ran Battle for Middle Earth 2 (BFME2) and the graphics
did look pretty bad. I was able to adjust a few things to clean it up
but it certainly does not look as nice as Justin’s machine (3.5GHz AMD
Athlon 64, 256MB Graphics card). Another issue is the fact that my
widescreen resolution is not supported in game. I can, however,
utilize the 1920×1200 resolution in the OS.

To switch between Windows and MacOS Tiger, hold down the Option/Alt
key as the computer boots. It will then give you a selection screen.
The screen does not look anything like the boot loader in Windows.
This is a graphical menu that you click on. Is this functionally any
better than the one included with XP? No, but it does look nice.

I do wish that the two systems could share data on the file system.
MacOS uses the HFS+ file system and Windows uses NTFS. I was hoping
that Apple would write some drivers to allow the XP OS to read from
the HFS disk and vice versa. This is not a large inconvenience though
because I primarily use network storage. There is 1.2TB of storage on
the network that I can take advantage of.

The process was fairly simple and I do not miss the other 10GB so I am
happy to have tried this.

Mac Mini

I bought a Mac mini a few weeks ago. I have had my eyes on one for
quite some time. I love it that they are so small. I have it hooked
up to my 23" Apple Cinema display. I found out soon after I purchased
it that it really needs RAM. I got one of the new Intel machines.
Some of the software I use has not yet been optimized for the Intel
core so it runs in emulation mode. This slows some programs down.
One program specifically, Firefox, does not yet have an Intel version.
They do have an Intel beta that I hear is not too bad.

I bought 2GB of RAM for it but it did not work in the machine. I had
to send the RAM back and I am still waiting for replacement sticks to
arrive. The machine runs a little slow with only 512MB of RAM in it.
I was disappointed that the new Intel Mac Mini uses shared video
memory. The old G4 mac mini models did not use shared memory. This
reduces my main memory and I just wonder how good it really is. Apple
says it is great because the system memory is DDR2 running at 667MHz.
I have not had any problems with it but I haven’t really played any
games or anything on it.

I had to get one of those white keyboards to go with the mac mini
because they look sweet. I also wanted to have the special mac keys.
I was going to sell my G4 cube to Richard but he did not buy it so I
guess I really did not need a new keyboard. I had a mac keyboard with
the G4 cube. Oh well. The cube still runs fine and it has Tiger on
it so I will use it someday or find someone who wants to buy it.