The fake MacDefender malware that has been plaguing owners of Apple computers for about a month has been traced back to Russian online payment processor ChronoPay, a computer security researcher claimed Friday.
Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com
“Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business,” writes security researcher Brian Krebs on his KrebsonSecurity blog.
The fake MacDefender phishing attack and similar scareware called MacProtector and MacSecurity often attacks through poisoned Google Image search results and is very difficult for Mac users to remove because it attaches itself to a computer’s launch menu and has no dock icon.
Krebs said he traced new strains of the scareware back to ChronoPay by investigating two domains the rogue software directs Mac users to go for a paid software security solution. He found that both mac-defence.com and macbookprotection.com are associated with the email address fc@mail-eye.com—an address that leaked ChronoPay documents indicate is owned by the company’s financial controller Alexandra Volkova.
Those two domains have been suspended by Webpoint.com, a Czech registrar, according to Krebs. But the fc@mail-eye.com account was recently used to register appledefence.com and appleprodefence.com, he added, though Mac users have not yet reported being directed to those domains via scareware like MacDefender.
“ChronoPay has been an unabashed ‘leader’ in the scareware industry for quite some time,” Krebs writes. “In 2008, it was the core processor for trafficconverter.biz, the rogue anti-virus affiliate program that was designed to be the beneficiary of the first strain of the Conficker worm, a menacing contagion that still infects millions of PCs worldwide.
“Last March, the company was at the forefront of another emerging scam, when it began processing payments for icpp-online.com, a scam site that targeted filesharing users and stole victims’ money by bullying them into paying a ‘pre-trial settlement’ to cover a ‘Copyright holder fine.'”
Apple said this week that it would release an update to its OS X operating system that roots out and destroys the fake Mac Defender malware and similar scareware.
The company also released a support document instructing Mac users on ways to eliminate MacDefender from their computers.
Post your comments