The Security Detail

May 29 2011, 11:57PM GMT

Mac Scareware Trail Leads Back to Russian Firm



Posted by: Tony Bradley
Tags:
Brian Krebs
ChronoPay
Mac malware
MacDefender
rogue AV
scareware

Follow the money.

If you want to get to the bottom of something, whether it is a political scandal, a murder mystery, or the source of rogue AV scareware attacks against Mac OS X, follow the money.

Security reporter Brian Krebs did just that, and he has connected the dots leading from MacDefender and the sudden plague of Mac scareware back to a Russian payment processing company, ChronoPay.

Observant Mac users reported the domain names to which the rogue AV's payment pages directed victims. Krebs dug into the WHOIS records for those domains to identify their registrant and followed the money from there. WHOIS data is self-reported and frequently hidden behind a privacy service, so on its own it rarely settles who is behind a domain; what made the difference is that Krebs also holds tens of thousands of pages of internal ChronoPay documents leaked in a data breach last year, and cross-referencing the registration details against those documents let him follow the trail back to ChronoPay.
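The pivot Krebs performed, starting from a handful of payment domains and looking for shared registration details, is a standard investigative step. The script below is an added example, not Krebs's tooling and not anything from the original post: it parses constructed WHOIS records (the domains, names, e-mail addresses and name servers are all fictitious) and clusters domains that share a registrant attribute. It also shows the two ways such a pivot goes wrong: values that belong to a privacy proxy link unrelated domains, and shared name servers at a bulk host are weak evidence compared with a shared registrant e-mail.

```python
import re
from collections import defaultdict

# Constructed WHOIS records for illustration only; every domain, name,
# address and name server here is fictitious and tied to no real registrant.
SAMPLE_WHOIS = {
    "mac-protect-pay.example": """\
Domain Name: mac-protect-pay.example
Registrant Name: Front Company Ltd
Registrant Email: billing@frontco.example
Name Server: ns1.bulkhost.example
Name Server: ns2.bulkhost.example
Creation Date: 2011-05-02T09:14:00Z
""",
    "secure-mac-billing.example": """\
Domain Name: secure-mac-billing.example
Registrant Name: Front Company Ltd
Registrant Email: BILLING@frontco.example
Name Server: ns1.otherhost.example
Creation Date: 2011-05-09T21:40:00Z
""",
    "macdefence-checkout.example": """\
Domain Name: macdefence-checkout.example
Registrant Name: WhoisPrivacy Service
Registrant Email: proxy@whoisprivacy.example
Name Server: ns1.bulkhost.example
Creation Date: 2011-05-15T03:02:00Z
""",
    "unrelated-shop.example": """\
Domain Name: unrelated-shop.example
Registrant Name: WhoisPrivacy Service
Registrant Email: proxy@whoisprivacy.example
Name Server: ns1.bulkhost.example
Creation Date: 2009-01-12T12:00:00Z
""",
}

# Attributes that identify a registrant directly (strong links) versus
# infrastructure that many unrelated customers share (weak links).
STRONG_FIELDS = ("Registrant Name", "Registrant Email", "Registrant Organization")
WEAK_FIELDS = ("Name Server",)

# Values that belong to a privacy proxy rather than the real registrant
# (assumed list); sharing one of these says nothing about common ownership.
PRIVACY_PROXY_VALUES = {"proxy@whoisprivacy.example", "whoisprivacy service"}

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?)\s*:\s*(.+?)\s*$")


def parse_whois(text):
    """Parse 'Field: value' lines into {field: set(values)}; values are
    lower-cased so case differences between registrars do not break matches."""
    rec = defaultdict(set)
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            rec[m.group(1)].add(m.group(2).lower())
    return rec


def build_index(records, fields):
    """Map each (field, value) pair to the set of domains carrying it,
    skipping values known to come from a privacy proxy."""
    index = defaultdict(set)
    for domain, text in records.items():
        rec = parse_whois(text)
        for field in fields:
            for value in rec.get(field, ()):
                if value not in PRIVACY_PROXY_VALUES:
                    index[(field, value)].add(domain)
    return index


def linked_domains(records, seed, fields=STRONG_FIELDS):
    """Return every domain reachable from `seed` through shared attribute
    values in `fields` (transitive closure over the pivot index), sorted."""
    index = build_index(records, fields)
    by_domain = defaultdict(set)
    for key, domains in index.items():
        for d in domains:
            by_domain[d].add(key)
    seen, frontier = {seed}, [seed]
    while frontier:
        d = frontier.pop()
        for key in by_domain.get(d, ()):
            for other in index[key] - seen:
                seen.add(other)
                frontier.append(other)
    return sorted(seen)


if __name__ == "__main__":
    seed = "mac-protect-pay.example"
    print("strong links only:", linked_domains(SAMPLE_WHOIS, seed))
    print("strong + weak links:", linked_domains(SAMPLE_WHOIS, seed, STRONG_FIELDS + WEAK_FIELDS))
```

Run on the sample data, the strong-field pivot ties the seed only to the second payment domain, which shares its registrant name and e-mail. Adding name servers pulls in both privacy-protected domains as well, including the unrelated shop, purely because they sit on the same bulk host; that is the kind of link that needs corroboration from another source, which in Krebs's case came from the leaked documents rather than from WHOIS.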

It is unclear how that knowledge can be put to good use: given the nature of international law enforcement, prosecuting attacks that cross national borders is difficult.

In the meantime, Mac users should be aware of the issue and follow Apple's guidance for removing the scareware until the Mac OS X update intended to guard against it is released.
