AAPL Stock: 118.88 ( + 1.13 )

Printed from

Apple asks to shut domain belonging to Flashback researchers

updated 12:30 pm EDT, Tue April 10, 2012

Company not communicating with security firms

Apple recently asked a web registrar,, to shut down a domain belonging to the Russian security firm Dr. Web, the latter company's CEO has revealed. Boris Sharov says the registrar informed him about the request on Monday. Apple's reasoning was that the domain was being used as a command-and-control server for computers infected with the Flashback Trojan. Sharov notes, though that the domain is actually hosting a "sinkhole," a spoofed C&C server used to monitor computers linked in the Flashback botnet.

"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren't the ones controlling it and not doing any harm to users," says Sharov. "This seems to mean that Apple is not considering our work as a help. It's just annoying them." He suggests that Apple was making an honest mistake, if one linked to its failure to communicate. "We've given them all the data we have," he comments. "We've heard nothing from them until this."

Dr. Web is best known for calling attention to the size of the Flashback botnet, which recently reached 600,000 Macs. Forbes notes that another security firm, Kaspersky, validated Dr. Web's findings on Friday, but has neither talked to Apple about the matter nor heard anything from the company. A statement from Kaspersky researcher Kurt Baumgartner says that "from what we've seen, Apple is taking appropriate action by working with the larger internet security community to shut down the Flashfake [also known as Flashback] C2 domains. Apple works vigorously to protect its brand and wants to rectify this."

Sharov is more critical of Apple for taking too long to fix a Java exploit used by Flashback, noting that Oracle solved it over a month ago, and that shutting down a single domain is useless, since there are "dozens" of domains currently running the botnet. Over 1 percent of Macs are thought to be infected, though Flashback is currently being exploited for click fraud, rather than something more serious like credit card theft.

by MacNN Staff



  1. tvalleau

    Joined: Dec 1969


    come on, Apple...

    ... pull your head out!

  1. Flying Meat

    Joined: Dec 1969


    I give Dr. Web credit for

    putting up a spoofed sink hole and communicating their findings, but by their own acknowledgement, Apple doesn't communicate, so how do they know Apple isn't requesting each of the "dozens" of sites involved be taken down?

  1. PJL500

    Joined: Dec 1969



    at it's most specious!

  1. Durandalus

    Joined: Dec 1969



    This whole issue demonstrates two things that are wrong with Apple today: Not shipping fixes in time and not communicating properly internally (apparently) and externally. There is no excuse for not shipping published fixes for bugs in software that come with your machines.

    Signed, one of the biggest Apple-Fanboys out there.

  1. slboett

    Joined: Dec 1969



    Durandalus is right. This came out last September. Apple was too slow. And nobody here is a bigger Apple guy than me. Quit voting down on comments that ask Apple to be responsible. Good lord.

  1. Makosuke

    Joined: Dec 1969


    Presumably all of them

    Presumably Apple is requesting all the relevant domains be shut down, but of course the security firm is the only one who's going to mention it publicly--not like the botnet owner is going to issue a press release.

    And this does highlight the one flaw in Apple's security infrastructure--a lax update schedule. They've been slow to patch things for years, and this time it finally came around to bite them in the rear with an actual exploit.

    One does hope they learn their lesson, bigtime, and stay on top of patches in the future.

    Also: Why the heck didn't Apple (and the Mozilla crew, for that matter) disable Java by default years ago? Java applets haven't been a useful technology for 99.9% of web users since Java-based chatrooms went out of style a decade ago. For those few who need Java for some corporate app it's not like it'd be hard to give instructions on re-enabling it.

  1. Viper2005

    Joined: Dec 1969


    Of course not!

    Of course Apple is not going to work with Dr Web or kaspersky! Apple stakes their reputation on the fact Macs are more secure/no viruses/safer/blah blah, and these companies take every opportunity they can to draw attention to the fact that *gasp* there ARE trojans/malware that can attack the Mac. Apple would like nothing more than to shut these companies up and sweep these issues under the rug. Malware? what Malware? :P

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented