Last week my colleague at TURN8 informed me that his browser was infected with adware.
As is evident from the previous blog post, Adware Medic came right to my mind.
So I launched Adware Medic and it immediately detected the malware in
/Users/username/Library/ScriptingAdditions. There was a folder which contained the malware, waiting for me to delete it, and deleting it is just what I did.
But after a couple of minutes my colleague asked me whether I had got rid of the malware. So I took a look at the folder, and the malware had somehow restored itself.
Whenever Safari launched, it would restore the folder to its original state. After trying the same thing a couple of times, I decided to do something stupid.
I launched the terminal and changed the owner of the directory from my colleague’s user to root. This immediately stopped the malware.
Then I realized that the malware authors were developers just like us. They trip and fall just like us.