November 18, 2024

Apple Tries to Cut Off Server Monitoring Number of Flashback Trojan Infections

Posted April 10, 2012 at 9:25pm by iClarified
Apple has reportedly tried to shut down a server monitoring the number of Macs infected by the Flashback trojan, according to Forbes.

Boris Sharov, chief executive of the Moscow-based security firm Dr. Web, says he learned Monday from the Russian Web registrar Reggi.ru that Apple had requested the registrar shut down one of its domains, which Apple said was being used as a "command and control" server for the hundreds of thousands of PCs infected with Flashback. In fact, that domain was one of three that Dr. Web has been using as a spoofed command and control server–what researchers call a "sinkhole"–to monitor the collection of hijacked machines and try to understand their behavior, the technique which allowed the firm to first report the size of Apple's botnet last week.

"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," says Sharov. "This seems to mean that Apple is not considering our work as a help. It's just annoying them."

It's unclear if Apple's intent was to shut down the monitor or whether it really thought that Dr. Web's domain was malicious.

"We've given them all the data we have," said Sharov. "We've heard nothing from them until this."

To find out if you are infected with the trojan use this.
