MacDefender taken down in raid by Russian authorities?

MacDefender taken down in raid by Russian authorities?

Summary: MacDefender caused a malware crisis for the Mac in June 2011 but went suspiciously silent in July. Russian authorities may have busted the group responsible for supporting the fake AV program.

TOPICS: Security, Malware

MacDefender caused a malware crisis for the Mac back in June 2011. At the time it seemed like an epidemic, but then after a short round of update Whack-A-Mole with Apple, MacDefender seemed to disappear entirely. In fact, Apple last updated its malware definitions on June 18.

On August 1, my ZDNet colleague Ed Bott wrote "Where did all the Mac malware go?"

The last time I saw Mac Defender in the wild was on June 23rd. This nasty bit of Mac malware made life miserable for Apple and its support technicians for the entire month of May, before fading away in mid-June.

New information suggests that Russian authorities may have busted the group responsible for one of the biggest scourges that the Mac has ever seen.

Brian Krebs appears to have linked ChronoPay to Mac Defender (via MacRumors)

On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market...

In May, I wrote about evidence showing that ChronoPay employees were involved in pushing MacDefender — fake AV software targeting Mac users. ChronoPay later issued a statement denying it had any involvement in the MacDefender scourge.

But last week, Russian cops who raided ChronoPay’s offices in Moscow found otherwise. According to a source who was involved in the raid, police found mountains of evidence that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.

The last release of MacDefender occurred on June 18. ChronoPay's offices are raided June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.

This would be great news if it turns out to be true.

Photo: PS3hax

Topics: Security, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Word to the wise, hackers..

    in Russia, computer monitor is watching [b]you[/b].
    • RE: Word to the wise.....


      Wouldn't it be so nice if those behind this malware family suddenly ended up at a Siberian prison?
    • RE: MacDefender taken down in raid by Russian authorities?

      @Tigertank To me its no shock that Russians were involved. If you look into Hacking and who's getting big in the world for it, Russia and China are the rising stars. More and more hacks are coming from those nations. I'd be more than willing to bet that the PSN hack came out of Russia or China and not from Anon.
      • RE: MacDefender taken down in raid by Russian authorities?

        @Relorian@... Chinese crap IMO is on the decline and has been for about 4 years ever since they started turning off out of border transmissions. Now what comes from China are the tougher actual criminals as opposed to mountanis of Chinese jacks.
  • RE: MacDefender taken down in raid by Russian authorities?

  • Crisis, what crisis?

    There was a massive flurry on a few blog sites. Lots of assertions about "vast hordes" seeking help to get rid of this MacDefender thing. And yet, Apple's wares are flying off the shelves in ever greater numbers. Much the same thing happened with the huge furor over "Antenna-gate."

    It seems that more and more the tech sites have succumbed to petty and long lasting vendettas. And this combined with ever greater efforts at inducing shock and horror and to hell with thought etc.

    For such "award winning" bloggers, one does wonder if their glory days are long since gone, or whether they were ever worthy of anything.
    • I am a mobile IT support guy

      Who go's into peoples homes
      I saw Mac Defender and it's like on 3 different Macs
      and I hardly ever see any Macs
      you are kidding yourself
      • RE: MacDefender taken down in raid by Russian authorities?


        And I have not seen it on any.

        The ratio of infected PCs to uninfected PCs that I have experienced has always been high.

        The ratio of Infected Mac to uninfected mac I have seen has been and still is very low.

        Like about 4 infections on Macs since 1984 - and time to fix of between 5 mins and 15 mins.

        Compare that with hours to days to need to rebuild many many PCs.

        So seriously - I think you are kidding us.
      • RE: MacDefender taken down in raid by Russian authorities?

        @zmud Thank you, I've always contended that Windows is "job security" for IT people! What you've said pretty much re-enforces that statement.
      • RE: MacDefender taken down in raid by Russian authorities?

        @zmud - incorrect, you didn't see it on 3 Macs, so quit lying. It took a lot of work to get it installed, so it's more likely you have seen zero Macs that were ever affected. Be more truthful next time.
      • RE: Quit Lying


        How do you know?... were you there? Between May and June I took in about 8 Macs for repair and 7 of them were infected with this type of Malware but I guess I am lying too. Just because you didn't see it happen doesn't make it a lie. I don't get malware on my systems and haven't for many years but I know it is out there and that people are victims to it. Most of the time because of their own neglect and understanding.
      • RE: MacDefender taken down in raid by Russian authorities?

        @zmud And if you're a real Mac tech support person, then you know that people don't call you and say - "Hey, my computer doesn't have a problem. Fix it!"
    • RE: MacDefender taken down in raid by Russian authorities?


      It was bigger than you think it to be. I took in more Macs in May and June than I typically take in for an entire year. All of them had the MacDefender or a variant that needed to be removed and all the users were novices and fell for the scam and a couple entered their credit card info.

      It happened, Apple Patched, and now they are busted it seems. Similar things happen with Windows Malware. Bust a couple and new ones come up.
      • Yup, law enforcement's turn ...

        @bobiroc ... to play whack-a-mole.

        I've been a Mac user since 1984, and used Apple II's back to 1978. I prefer them for general use to my Windows, Linux and (other) Unix boxes, and I wouldn't give them up for anything.

        BUT I'm also a realist and I've been in IT long enough to know that creating malware -- especially attacks that trick clueless users -- into corrupting their own machines is not difficult, in the scheme of things, and there's seemingly little that Apple or anyone else can do about it, except play catch-up after an attack comes out.

        I love my Macs, but even I wouldn't be foolish enough to say the Macs are impervious to attacks, especially when users have proven repeatedly that they're the biggest security weakness for any system.
      • RE: MacDefender taken down in raid by Russian authorities?


        I too have been using Apples and Macs since the 80's but find I prefer Windows for my primary OS. In this day and age it is mainly a preference thing as most average consumers can use either. Businesses, Schools and other organizations have to be a bit more picky as they usually have specialized software that is not always cross platform compatible. I have a 5 year old MacBook that I use for work bootcamped with Windows 7 as I have to support both platforms at my job as a Systems Admin for a High School District. I find Windows easier to set up and manage in an enterprise or large networked environment and that is one of it's biggest advantages.

        Glad to hear that you are a realist like me and understand that the security of your computer systems is your responsibility and you cannot assume the OS or the software you use will protect you. If an attacker or Malware organization has something to gain and it is worth their effort they will find a way in if you let down your guard.
      • RE: MacDefender taken down in raid by Russian authorities?

        @bobiroc<br><br>If you think that the number of machines you see infected that you take in for REPAIR is in ANY way indicative of the level of penetration of MacDefender, you are seriously in need of either a Research Methods or Intro to Statistics class.<br>Numerous sources actually have looked at the issue, and have shown conclusively that almost no one, with in statistical significance, was affected by MacDefender. I saw it on zero machines (though I tend to deal more with hardware) and only encountered an actual infection vector once, during a google image search.<br>You claims are mathematically bogus, and pragmatically irrelevant.<br><br>@jscott69, no one in this thread claimed macs were impervious to attack, so your post has little to no relevance, or merit.
      • RE: MacDefender taken down in raid by Russian authorities?

        @bobiroc The fact that you saw 7 in 2 months doesn't make it a wide spread infection. You saw an increase and that is understandable. I am not saying that only a couple of systems in the world were infected but I don't believe it was the wide spread infection that some bloggers have made it out to be. In perspective it might have been wide spread for Macs but in the big picture it was.
    • Message has been deleted.

    • RE: MacDefender taken down in raid by Russian authorities?

      Most established products are "flying off the shelves." Check out windows 7! But, what does that have to do with malware distributors??
    • RE: MacDefender taken down in raid by Russian authorities?

      @ego.sum.stig@... at our service shop we had several calls (10 or so) from people when the installer came up, about 5 others brought in infected systems. Since then I have seen another 2 or 3 while doing other work on computers. Most of this was in a 2 or 3 week period.
      It has essentially stopped, so that is nice.