Chrono Curse Mac OS

Posted on  by

Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business.

Since the beginning of May, security firms have been warning Apple users to be aware of new scareware threats like MacDefender and Mac Security. The attacks began on May 2, spreading through poisoned Google Image Search results. Initially, these attacks required users to provide their passwords to install the rogue programs, but recent variants do not, according to Mac security vendor Intego.

A few days after the first attacks surfaced, experienced Mac users on Apple support forums began reporting that new strains of the Mac malware were directing users to pay for the software via a domain called mac-defence.com. Others spotted fake Mac security software coming from macbookprotection.com. When I first took a look at the registration records for those domains, I was unsurprised to find the distinct fingerprint of ChronoPay, a Russian payment processor that I have written about time and again as the source of bogus security software.

The WHOIS information for bothdomains includes the contact address of fc@mail-eye.com. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the fc@mail-eye.com address belongs to ChronoPay’s financial controller Alexandra Volkova.

Recent domain purchases tied to ChronoPay's fc@mail-eye.com account.

The leaked documents also have given ChronoPay’s enemies access to certain online records that the company maintains, such as domain registration accounts tied to the firm. Both mac-defence.com and macbookprotection.com were suspended by the registrar — a company in the Czech Republic called Webpoint.name. But a screen shot shared with KrebsOnSecurity.com shows that someone recently used that fc@mail-eye.com account to register two more Mac security-related domains that haven’t yet shown up in rogue anti-virus attacks against Mac users: appledefence.com and appleprodefence.com.

Perhaps Apple will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business, but I’m not holding my breath. As I noted in a story earlier this year, ChronoPay has been an unabashed “leader” in the scareware industry for quite some time. In 2008, it was the core processor for trafficconverter.biz, the rogue anti-virus affiliate program that was designed to be the beneficiary of the first strain of the Conficker worm, a menacing contagion that still infects millions of PCs worldwide. Last March, the company was at the forefront of another emerging scam, when it began processing payments for icpp-online.com, a scam site that targeted filesharing users and stole victims’ money by bullying them into paying a “pre-trial settlement” to cover a “Copyright holder fine.”

Update, May 29: ChronoPay responded by publishing a statement denying any involvement in the MacDefender attacks.

I use chroot on mac os x to test some softwares, or to test packaging of projects I am involved with (to e.g. Test installs on 10.4 while I am using 10.6). Improve this answer. Follow answered May 7 '11 at 8:08. David Cournapeau David Cournapeau. ChronoSync is the professional choice for periodic backups, bootable drive clones, and folder and file synchronizations. Target any device or folder visible in Finder such a volume, thumb drive, NAS, disk image, select cloud services, server or (with ChronoAgent) another Mac!

Original post:

Apple has issued an official support note telling users how to avoid or remove Mac Defender malware. ZDNet also got hold an unofficial document that Apple apparently is distributing to its customer support personnel in charge of fielding complaints about the attacks. I should point out that all of the rules from my recent blog post Krebs’s 3 Basic Rules for Online Safety apply just as well to Mac users as they do to Windows folks. But #1 is the most important, and keeps Mac users out of trouble here: “If you didn’t go looking for it, don’t install it!”

  • Store
    Browse Genres
  • Specials
  • Support
  • 0
    • Your cart is empty!
    • Buy with confidence. All products on MacGameStore are authorized for sale by publishers. No gray-market worries here!
You are currently browsing with Javascript disabled. Enhanced features of the store will not be available to you.
Would you like to view prices in estimated EUR? (actual charges are made in USD)Yes
MinimumSupportedMac OS X10.5.8Download the MacGameStore App to compare your Mac's information in real-time.
Get the Mac App
CPU TypeUniversal
CPU SpeedAny
Drive Space230 MB
Video CardAny

Reviews & Comments

50
41
30
20
10
Turn On Javascript
Chrono curse mac os 11
Be the first to submit a review!
Sign In to submit a review.

More By Puppet Life

Chrono Curse Mac Os X

  • Between the Worlds II: The Pyramid$6.99
    Between the Worlds II: The Pyramid