So, who's behind the recent spate of Mac malware?
Security journalist Brian Krebs has been doing some investigating and believes that ChronoPay, Russia's largest online payment processor, is behind the attacks on Mac users.
The WHOIS information for both domains [mac-defence.com and macbookprotection.com] includes the contact address of email@example.com. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the firstname.lastname@example.org address belongs to ChronoPay's financial controller Alexandra Volkova.
Krebs describes ChronoPay as the 'unabashed "leader" in the scareware industry for quite some time.' The company is fairly notorious. It was the core processor for a rogue anti-virus affiliate program in 2008 that released the Conficker worm, and last March it was behind a scam site that accused people of filesharing and bullied them into fake settlements.
Krebs also has his '3 basic rules for online security', which are now just as valid for Mac users as they are for Windows users.
If there's money to be made from Mac users, these attacks will continue and increase in sophistication.