Adexc on Mac with Safari

[AdiosVista]

I was browsing an iOS development forum the other day, clicked on a link in one of the questions, and about 10 new tabs opened up (appearing blank) with the final page leading to some random medical psychology URL. In looking at my browser history, I could see that the original link I had clicked was apparently something to do with adexc.net.

Anyone have a similar experience? I'm assuming adexc is some kind of redirect scam that allows that page to create ad revenue but I want to make sure there isn't a deeper issue, such as malware.

I did download MalwareBytes for the Mac and it didn't report anything. I also double-checked my Safari settings (such as installed Extensions) and those appear to be correct. My questions are:

1. Does anyone have specific info on the adexc.net URL and what it does?
2. What's the best solution for peace of mind and making sure my iMac does not have a virus now?

Thank you for your time.

 

[KALLT]

When Malwarebytes does not find anything, there likely is no problem. You can also use Etrecheck to see whether there are any login items that may cause problems (you can paste the report here if you are not familiar with this).

In general, drive-by infections are very, very rare on OS X. You would have to launch a malware yourself, either by opening a program or by executing a command in a command-line prompt (like the Terminal application). Also make sure that you restrict website access to Java and Flash (if installed) in Safari’s security settings and disable the option ‘Open “safe” files after downloading’ in Safari’s general settings.

 

[AdiosVista]

When Malwarebytes does not find anything, there likely is no problem. You can also use Etrecheck to see whether there are any login items that may cause problems (you can paste the report here if you are not familiar with this).

In general, drive-by infections are very, very rare on OS X. You would have to launch a malware yourself, either by opening a program or by executing a command in a command-line prompt (like the Terminal application). Also make sure that you restrict website access to Java and Flash (if installed) in Safari’s security settings and disable the option ‘Open “safe” files after downloading’ in Safari’s general settings.

Thank you for the quick response, I appreciate it! I do already have both Flash and the "open safe downloads" option disabled. However, I'm not seeing a Java setting in Safari (though there is one for JavaScrit, WebGL, etc.). I do have JS and WebGL enabled.

This is my work computer so I do want to be extra vigilant in checking to see if any sort of malicious code has been inserted onto my iMac or in Safari. If there are any other steps I can take to be sure this system is clean, please let me know.

Also, if it helps, the original website I visited was a URL at https://recalll.co. That site appears to be the source of the redirect. NOTE: don't click on that URL or you'll encounter the same issue; I'm only posting here in case anyone has info on this specific site.

 

[KALLT]

Java is not installed by default, since Mac OS X Lion. JavaScript has nothing to do with Java. You can restrict access to Adobe Flash on a per-website basis in the security settings.

There is no absolutely thorough method to assure that your system is clean. Malware, however, has to persist across reboots in order to work, so if there are no login items, launch agents/daemons or kernel extensions that do this, then you are likely fine. You can spot these with the program I mentioned. It is just a diagnostic tool.

 

[thomasareed]

What's the best solution for peace of mind and making sure my iMac does not have a virus now?

If all you did was click a link, it's exceedingly unlikely that you've got any kind of malware as a result.

Right now, there isn't any Mac malware known to be installed by drive-by download (aka, just by visiting a website). All current Mac malware requires that you download something, then open it manually.

If you have something like Flash or Java installed, and configured in such a way that Flash or Java code loads automatically in the browser, that could be a problem. Do Flash or Java content load automatically for you?

http://flashtester.org

http://www.javatester.org

The only time that the Mac has had a problem with drive-by downloads was when they came in through Java (and, in one or two cases, Flash). There are no known exploits using either of these things to infect Macs at the moment, so the chances of risk are small if you have either of them enabled in the browser. However, you're almost certainly safe if they are disabled.

 

[AdiosVista]

If all you did was click a link, it's exceedingly unlikely that you've got any kind of malware as a result.

Right now, there isn't any Mac malware known to be installed by drive-by download (aka, just by visiting a website). All current Mac malware requires that you download something, then open it manually.

If you have something like Flash or Java installed, and configured in such a way that Flash or Java code loads automatically in the browser, that could be a problem. Do Flash or Java content load automatically for you?

http://flashtester.org

http://www.javatester.org

The only time that the Mac has had a problem with drive-by downloads was when they came in through Java (and, in one or two cases, Flash). There are no known exploits using either of these things to infect Macs at the moment, so the chances of risk are small if you have either of them enabled in the browser. However, you're almost certainly safe if they are disabled.

Thank you for the additional info. I can confirm that I do not have Java or Flash installed. The consensus seems to be that I do not need to worry about this incident. I appreciate everyone's time.

 

[thomasareed]

Yup, you should be good.