Security Alert: Handbrake Download Mirror was Compromised

HandBrake

From Handbrake.fr:

“SECURITY WARNING

Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have HandBrake installed on your Macs, you should check whether they have been infected by this Trojan.

Also:

“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”

YIKES!
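The checksum verification the notice asks for, as an added example that is not part of the original post or of HandBrake's own tooling: it computes the SHA1 and SHA256 sums of a downloaded image, compares the SHA256 against values you copy from the vendor's published checksums (none are reproduced on this page), and notes whether the file's timestamp falls inside the exposure window quoted above. The function names and result labels are assumptions of this example.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# Exposure window quoted in the notice above (UTC).
WINDOW_START = datetime(2017, 5, 2, 14, 30, tzinfo=timezone.utc)
WINDOW_END = datetime(2017, 5, 6, 11, 0, tzinfo=timezone.utc)


def file_digests(path, chunk_size=1 << 20):
    """Return (sha1_hex, sha256_hex), streaming so large images are not loaded whole."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return sha1.hexdigest(), sha256.hexdigest()


def in_exposure_window(path):
    """True if the file's modification time falls inside the window.

    mtime is only a hint: copying or re-saving the file changes it.
    """
    mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
    return WINDOW_START <= mtime <= WINDOW_END


def assess(path, known_good_sha256):
    """Classify an image against SHA-256 values published by the vendor."""
    _, sha256 = file_digests(path)
    good = {h.strip().lower() for h in known_good_sha256}
    if sha256 in good:
        return "match"
    # A mismatch inside the window is the case the notice warns about;
    # outside it, the file may simply be a different release.
    return "mismatch-in-window" if in_exposure_window(path) else "mismatch"


# Usage: python3 check_image.py <downloaded.dmg> <published-sha256> [...]
if __name__ == "__main__" and len(sys.argv) >= 3:
    image, published = sys.argv[1], sys.argv[2:]
    sha1, sha256 = file_digests(image)
    print("SHA1:  ", sha1)
    print("SHA256:", sha256)
    print("Result:", assess(image, published))
```

A "match" only says the installer file is the published one; a Mac on which a mismatching image was already run still needs the infection check and password changes the notice describes.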

Fake Virus Warning Targets Mac Users to Download MacKeeper

macoscheckdotcom scam site

I received a frantic message from a friend when she saw a “virus found” message on her Mac. She then sent me a few photos of the message.

macoscheckdotcom scam site fake virus check

As it turns out, it is related to none other than MacKeeper. In January 2014, a class action lawsuit was filed against ZeoBIT, the maker of MacKeeper.

“macoscheck.com” was registered on December 26, 2015.

Whois info on macoscheck.com:

Deus-ex-Mac:~ ultra-slacker$ whois macoscheck.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: MACOSCHECK.COM

Registrar: INTERNET DOMAIN SERVICE BS CORP

Sponsoring Registrar IANA ID: 2487

Whois Server: whois.internet.bs

Referral URL: http://www.internetbs.net

Name Server: NS1.SPEEDLOADINGSERVER.COM

Name Server: NS2.SPEEDLOADINGSERVER.COM

Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

Updated Date: 26-dec-2015

Creation Date: 26-dec-2015

Expiration Date: 26-dec-2016

>>> Last update of whois database: Wed, 06 Jan 2016 11:49:01 GMT <<<

Domain Name: MACOSCHECK.COM

Registry Domain ID: 1989721914_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.internet.bs

Registrar URL: http://www.internetbs.net

Updated Date: 2015-12-26T12:22:03Z

Creation Date: 2015-12-26T12:22:03Z

Registrar Registration Expiration Date: 2016-12-26T12:22:03Z

Registrar: Internet Domain Service BS Corp.

Registrar IANA ID: 2487

Registrar Abuse Contact Email: abuse@internet.bs

Registrar Abuse Contact Phone: +44.7546458118

Reseller:

Domain Status: clientTransferProhibited – http://www.icann.org/epp#clientTransferProhibited

Registry Registrant ID:

Registrant Name: Domain Admin

Registrant Organization: Whois Privacy Corp.

Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street

Registrant City: Nassau

Registrant State/Province: New Providence

Registrant Postal Code: 0000

Registrant Country: BS

Registrant Phone: +1.5163872248

Registrant Phone Ext:

Registrant Fax:

Registrant Fax Ext:

Registrant Email: macoscheck.com-owner@customers.whoisprivacycorp.com

Registry Admin ID:

Admin Name: Domain Admin

Admin Organization: Whois Privacy Corp.

Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street

Admin City: Nassau

Admin State/Province: New Providence

Admin Postal Code: 0000

Admin Country: BS

Admin Phone: +1.5163872248

Admin Phone Ext:

Admin Fax:

Admin Fax Ext:

Admin Email: macoscheck.com-admin@customers.whoisprivacycorp.com

Registry Tech ID:

Tech Name: Domain Admin

Tech Organization: Whois Privacy Corp.

Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street

Tech City: Nassau

Tech State/Province: New Providence

Tech Postal Code: 0000

Tech Country: BS

Tech Phone: +1.5163872248

Tech Phone Ext:

Tech Fax:

Tech Fax Ext:

Tech Email: macoscheck.com-tech@customers.whoisprivacycorp.com

Name Server: ns1.speedloadingserver.com

Name Server: ns2.speedloadingserver.com

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2016-01-06T11:49:10Z <<<

Whois info on speedloadingserver.com:

Deus-ex-Mac:~ ultra-slacker$ whois speedloadingserver.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: SPEEDLOADINGSERVER.COM

Registrar: TLD REGISTRAR SOLUTIONS LTD

Sponsoring Registrar IANA ID: 1564

Whois Server: whois.tldregistrarsolutions.com

Referral URL: http://www.tldregistrarsolutions.com

Name Server: NS-CANADA.TOPDNS.COM

Name Server: NS-UK.TOPDNS.COM

Name Server: NS-USA.TOPDNS.COM

Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited

Updated Date: 09-sep-2015

Creation Date: 03-sep-2015

Expiration Date: 03-sep-2016

>>> Last update of whois database: Wed, 06 Jan 2016 12:17:54 GMT <<<

Domain Name: SPEEDLOADINGSERVER.COM

Registry Domain ID: 1957177560_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.tldregistrarsolutions.com

Registrar URL: http://www.tldregistrarsolutions.com

Updated Date: 2015-09-09T07:28:32Z

Creation Date: 2015-09-03T07:26:31Z

Registrar Registration Expiration Date: 2016-09-03T07:26:31Z

Registrar: TLD Registrar Solutions Ltd.

Registrar IANA ID: 1564

Registrar Abuse Contact Email: abuse@tldregistrarsolutions.com

Registrar Abuse Contact Phone: +44.2034357312

Reseller:

Domain Status: clientTransferProhibited – http://www.icann.org/epp#clientTransferProhibited

Registry Registrant ID:

Registrant Name: Domain Admin

Registrant Organization: Whois Privacy Corp.

Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street

Registrant City: Nassau

Registrant State/Province: New Providence

Registrant Postal Code: 0000

Registrant Country: BS

Registrant Phone: +1.5163872248

Registrant Phone Ext:

Registrant Fax:

Registrant Fax Ext:

Registrant Email: speedloadingserver.com-owner@customers.whoisprivacycorp.com

Registry Admin ID:

Admin Name: Domain Admin

Admin Organization: Whois Privacy Corp.

Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street

Admin City: Nassau

Admin State/Province: New Providence

Admin Postal Code: 0000

Admin Country: BS

Admin Phone: +1.5163872248

Admin Phone Ext:

Admin Fax:

Admin Fax Ext:

Admin Email: speedloadingserver.com-admin@customers.whoisprivacycorp.com

Registry Tech ID:

Tech Name: Domain Admin

Tech Organization: Whois Privacy Corp.

Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street

Tech City: Nassau

Tech State/Province: New Providence

Tech Postal Code: 0000

Tech Country: BS

Tech Phone: +1.5163872248

Tech Phone Ext:

Tech Fax:

Tech Fax Ext:

Tech Email: speedloadingserver.com-tech@customers.whoisprivacycorp.com

Name Server: ns-canada.topdns.com

Name Server: ns-uk.topdns.com

Name Server: ns-usa.topdns.com

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2016-01-06T12:16:03Z <<<