Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia’s largest online payment processor and something of a pioneer in the rogue anti-virus business.
Since the beginning of May, security firms have been warning Apple users to be aware of new scareware threats like MacDefender and Mac Security. The attacks began on May 2, spreading through poisoned Google Image Search results. Initially, these attacks required users to provide their passwords to install the rogue programs, but recent variants do not, according to Mac security vendor Intego.
A few days after the first attacks surfaced, experienced Mac users on Apple support forums began reporting that new strains of the Mac malware were directing users to pay for the software via a domain called mac-defence.com. Others spotted fake Mac security software coming from macbookprotection.com. When I first took a look at the registration records for those domains, I was unsurprised to find the distinct fingerprint of ChronoPay, a Russian payment processor that I have written about time and again as the source of bogus security software.
The WHOIS information for bothdomains includes the contact address of fc@mail-eye.com. Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the fc@mail-eye.com address belongs to ChronoPay’s financial controller Alexandra Volkova.
Recent domain purchases tied to ChronoPay's fc@mail-eye.com account.
The leaked documents also have given ChronoPay’s enemies access to certain online records that the company maintains, such as domain registration accounts tied to the firm. Both mac-defence.com and macbookprotection.com were suspended by the registrar — a company in the Czech Republic called Webpoint.name. But a screen shot shared with KrebsOnSecurity.com shows that someone recently used that fc@mail-eye.com account to register two more Mac security-related domains that haven’t yet shown up in rogue anti-virus attacks against Mac users: appledefence.com and appleprodefence.com.
Perhaps Apple will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business, but I’m not holding my breath. As I noted in a story earlier this year, ChronoPay has been an unabashed “leader” in the scareware industry for quite some time. In 2008, it was the core processor for trafficconverter.biz, the rogue anti-virus affiliate program that was designed to be the beneficiary of the first strain of the Conficker worm, a menacing contagion that still infects millions of PCs worldwide. Last March, the company was at the forefront of another emerging scam, when it began processing payments for icpp-online.com, a scam site that targeted filesharing users and stole victims’ money by bullying them into paying a “pre-trial settlement” to cover a “Copyright holder fine.”
Update, May 29: ChronoPay responded by publishing a statement denying any involvement in the MacDefender attacks.
I use chroot on mac os x to test some softwares, or to test packaging of projects I am involved with (to e.g. Test installs on 10.4 while I am using 10.6). Improve this answer. Follow answered May 7 '11 at 8:08. David Cournapeau David Cournapeau. ChronoSync is the professional choice for periodic backups, bootable drive clones, and folder and file synchronizations. Target any device or folder visible in Finder such a volume, thumb drive, NAS, disk image, select cloud services, server or (with ChronoAgent) another Mac!
Original post:
Apple has issued an official support note telling users how to avoid or remove Mac Defender malware. ZDNet also got hold an unofficial document that Apple apparently is distributing to its customer support personnel in charge of fielding complaints about the attacks. I should point out that all of the rules from my recent blog post Krebs’s 3 Basic Rules for Online Safety apply just as well to Mac users as they do to Windows folks. But #1 is the most important, and keeps Mac users out of trouble here: “If you didn’t go looking for it, don’t install it!”
- StoreBrowse Genres
- Specials
- Support
- 0
- Your cart is empty!
- Buy with confidence. All products on MacGameStore are authorized for sale by publishers. No gray-market worries here!
| Would you like to view prices in estimated EUR? (actual charges are made in USD) | Yes | | MinimumSupported | Mac OS X | 10.5.8 | Download the MacGameStore App to compare your Mac's information in real-time. | Get the Mac App CPU Type | Universal | CPU Speed | Any | Drive Space | 230 MB | Video Card | Any | |
Reviews & Comments
| 5 | 0 |
| 4 | 1 |
| 3 | 0 |
| 2 | 0 |
| 1 | 0 |
Sign In to submit a review.
More By Puppet Life
Chrono Curse Mac Os X
- Between the Worlds II: The Pyramid$6.99Between the Worlds II: The Pyramid