Mac malware scams - Following the money

Summary:So, who's behind the recent spate of Mac malware?

So, who's behind the recent spate of Mac malware?

Security journalist Brian Krebs has been doing some investigating and believes that ChronoPay, Russia's largest online payment processor, is behind the attacks on Mac users.

The WHOIS information for both domains [mac-defence.com and macbookprotection.com] includes the contact address of fc@mail-eye.com. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the fc@mail-eye.com address belongs to ChronoPay's financial controller Alexandra Volkova.

Krebs describes ChronoPay as the 'unabashed "leader" in the scareware industry for quite some time.' The company is fairly notorious. It was the core processor for a rogue anti-virus affiliate program in 2008 that released the Conficker worm, and last March was behind a scam site that accused people for filesharing and bullied them into fake settlements.

Krebs also has his '3 basic rules for online security' which are now just as valid for Mac users as they are for Windows users.

If there's money to be made from Mac users, these attacks will continue and increase in sophistication.

Topics: Apple, Hardware, Malware, Security

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.