Mac malware scams - Following the money

So, who's behind the recent spate of Mac malware?

Security journalist Brian Krebs has been doing some investigating and believes that ChronoPay, Russia's largest online payment processor, is behind the attacks on Mac users.

The WHOIS information for both domains [mac-defence.com and macbookprotection.com] includes the contact address of fc@mail-eye.com. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the fc@mail-eye.com address belongs to ChronoPay's financial controller Alexandra Volkova.

Krebs describes ChronoPay as the 'unabashed "leader" in the scareware industry for quite some time.' The company is fairly notorious. It was the core processor for a rogue anti-virus affiliate program in 2008 that released the Conficker worm, and last March was behind a scam site that accused people of filesharing and bullied them into fake settlements.

Krebs also has his '3 basic rules for online security' which are now just as valid for Mac users as they are for Windows users.

If there's money to be made from Mac users, these attacks will continue and increase in sophistication.

Topics: Apple, Hardware, Malware, Security

Talkback

78 comments
  • RE: Mac malware scams - Following the money

    Excellent - I know normally the comments are for people to castigate you, but in this case I want to do the opposite. Excellent reporting, and the link is useful too.

    Thanks.
    jeremychappell
    • RE: Mac malware scams - Following the money

      @jeremychappell

      I agree. And the "3 basic rules" make perfect sense.

      The MacDefender application (and its variants) are scams that ONLY work if a user is naive and reckless enough to blindly install this software themselves.

      NO amount of security software or built-in OS-level security will ever stop people from falling for scams.

      Even the security software companies who make a humongous amount of money selling anti-virus software to Windows users (and who would love to do the same thing with Mac users) have stated clearly that MacDefender and its variants are NOT a Mac OS X vulnerability!

      Here is a quote from Peter James, spokesperson for Intego:

      "This is not a Mac OS X vulnerability, but social engineering, taking advantage of users who are unaware of what is happening."
      Harvey Lubin
  • This is useful reporting.

    People need to be 'educated' about just how scary these crime rings are and you elevate awareness with these types of articles.

    This is an issue that affects any operating system!
    Dietrich T. Schmitz, *~* Your Linux Advocate
    • RE: Mac malware scams - Following the money

      @Dietrich T. Schmitz, *~* Your Linux Advocate

      Holy crap this is twice in one day that I agree with you? Is it a full moon? Did I end up in another dimension?
      bobiroc
      • Full Moon

        @bobiroc
        +1
        bein' easy
      • RE: Mac malware scams - Following the money

        @bobiroc LOL I thought the same thing.
        ItsTheBottomLine
    • RE: Mac malware scams - Following the money

      @Dietrich T. Schmitz, *~* Your Linux Advocate I totally agree with you. What I do not get are the rabid frothing at the mouth Mac fanboi zealots who ignore this... then again they are fun to mess with... LOL
      athynz
      • RE: Mac malware scams - Following the money

        @athynz
        What I get a kick out of are all of the MS fanbois that are getting such a kick out of a single Mac attack while MS admits that one out of every 14 downloads contains malware aimed at Windows.
        lewmur
      • Funny...

        @lewmur
        I've downloaded more than 14 files in the past week.

        And yet, my system is virus free. And yes, I run Windows 7.

        I guess I might be lucky...

        Either way, this article isn't about Windows, viruses and other malware that afflict Windows. Why bring it up? This isn't a comparison.

        And no, it's not really all that entertaining. It might have been for all of maybe 30 - 60 seconds. Watching all of you bury your heads in the sand in unison has its amusement value. But after reading 50 or more posts by Mactards who are all saying pretty much the same thing - it gets old rather quickly.

        Also... It ain't single any more. In case you missed it, it's now plural - and given today's news (this post), it's likely there's more to come. Hiding behind Windows and trying to divert attention from the real issue here isn't going to stop the real culprits from producing more, nastier variations of this malware.

        Nice try though.
        Wolfie2K3
      • Funny indeed!

        @athynz
        I had malware on a Windows 95 setup that came from shrink wrapped software. Never since despite running Windows through Windows 7. It's all in the operator, Mac or Windows (or Linux for that matter).
        ait10101
    • Not with Linux it hasn't

      Show me one instance where this scareware has taken root.
      ScorpioBlue
      • That's because Linux is the puzzle no one wants to play.

        @ScorpioBlue ... sorry but until some useful programs are released on linux it will always remain a cute little puzzleware that wastes a bunch of time.
        Reality Bites
      • Try using it, first

        Before you go shooting your mouth off, @Reality Bites.
        blind obedience
      • Umm just do a little searching around

        @ScorpioBlue There are sites recording and reporting malware attacks on linux servers all the time. They are not infrequent. These are different than the attacks most desktop users see - browser attacks. Linux does better here through obscurity. Yes I believe in security through obscurity because I worked for a security firm and the hackers and those who fought them believed in it. Malware just doesn't get very far if there are not lots of desktop users. Summary: Servers and desktop attacks are very different. Linux servers get attacked but linux desktops don't - yet. Macs have gotten popular enough to warrant attack.
        DevGuy_z
      • RE: Mac malware scams - Following the money

        @Reality Bites I agree. I ran Ubuntu 10.04 on my laptop for 8 months and it's useless besides basic browsing and torrenting.

        Screw running the Adobe Creative Suite in 64 bits through Wine. I don't have time to force things to work.
        Z3R0D4Y
      • RE: Mac malware scams - Following the money

        "Screw running the Adobe Creative Suite in 64 bits through Wine. I don't have time to force things to work."

        I agree. If your whole life revolves around using Adobe Creative Suite, then Linux isn't for you. A tiny minority.

        But that doesn't mean the rest of the world can't utilize it if they don't want to.

        No need to feel threatened by the 1%, pal. Or is it more than 1% ;)
        blind obedience
      • RE: Mac malware scams - Following the money

        @blind obedience

        "I agree. If your whole life revolves around using Adobe Creative Suite, then Linux isn't for you. A tiny minority.

        But that doesn't mean the rest of the world can't utilize it if they don't want to.

        No need to feel threatened by the 1%, pal. Or is it more than 1%"

        Yeah that's right. Only 1% of the computing world need or want to use Adobe Creative Suite. Gee how does Adobe survive. Besides Adobe Creative Suite is just one example. What about all the other software titles that just do not work or give some sub par bronze or silver rating for compatibility. Why go for the Bronze or Silver when you can have the Diamond or Platinum Standard. Once again you live up to your clever display name.
        bobiroc