Malware attack freezes Safari—prevention or detection

hang safari security

Several times in the past few months, a web link has popped up a box alleging that malware has been detected and I should click OK to let them fix it. I'm not stupid enough to even click anywhere near it, but whoever created this thing has figured out how to lock Safari completely. Can't use back button or change tabs or access any menus. Force-Quit is the only option.

I can't remember the exact wording, but something about it convinced me that the malware knows I am on a Mac. In other words, it is more sophisticated than the Windows attacks that I occasionally see.

Sometimes, but not always (Why/How?), re-launching Safari re-launches all the tabs, including the offensive one. (Even though I said not to in preferences.)

Is there a way after the fact to get the IP address the thing comes from? Or to determine how the freeze is caused and prevent it?

This has happened on three different versions of Safari. It's not the same as the pop-up with the toll-free phone number which doesn't freeze Safari.

Best Answer

I have run into similar situations. I gather the host DNS name from the URL and put a matching line into my /etc/hosts file. Then I force quit Safari and relaunch.

The line I add to /etc/hosts looks like this:

127.0.0.5        badhost.com

This will redirect all browser requests to the badhost to localhost (the local machine) where the requests time out. This breaks the JavaScript that is holding your browser hostage. I'm using 127.0.0.5 (instead of 127.0.0.1) so I can distinguish the bad requests from normal localhost requests with my networking tools.
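
The procedure in the answer above, as an added shell example (not code from the original answer): it extracts and validates the hostname from the offending URL and adds the hosts entry only once. The function names `host_from_url` and `block_host` are hypothetical; `127.0.0.5` and `badhost.com` are the values used in the answer.

```sh
#!/bin/sh
# Added example: sinkhole the host of an offending URL in a hosts-format file.
SINK_IP="127.0.0.5"   # the distinguishable loopback address used in the answer

# Print the lowercase hostname of an http(s) URL; return 1 for anything else.
host_from_url() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    h=${1#*://}       # drop the scheme
    h=${h%%[/?#]*}    # drop path, query and fragment
    h=${h##*@}        # drop userinfo
    h=${h%%:*}        # drop the port
    h=$(printf '%s' "$h" | tr 'A-Z' 'a-z')
    # Allow only hostname characters so nothing else can reach the hosts file.
    case "$h" in
        ''|*[!a-z0-9.-]*|.*|*.|-*) return 1 ;;
    esac
    printf '%s\n' "$h"
}

# Append "SINK_IP<TAB>host" to file $1 unless host $2 already has an entry.
block_host() {
    hosts_file=$1
    host=$2
    if awk -v h="$host" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break
                                                   if ($i == h) found = 1 } }
        END { exit !found }' "$hosts_file"; then
        return 0      # already mapped: leave the file untouched
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -n "$(tail -c 1 "$hosts_file")" ]; then
        echo >> "$hosts_file"
    fi
    printf '%s\t%s\n' "$SINK_IP" "$host" >> "$hosts_file"
}

# Usage on macOS, as root, with a constructed URL:
#   host=$(host_from_url 'https://badhost.com/alert.html') && block_host /etc/hosts "$host"
#   dscacheutil -flushcache; killall -HUP mDNSResponder   # flush cached lookups
```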