updated 12:30 pm EDT, Tue April 10, 2012
Company not communicating with security firms
Apple recently asked a web registrar, Reggi.ru, to shut down a domain belonging to the Russian security firm Dr. Web, the latter company's CEO has revealed. Boris Sharov says the registrar informed him about the request on Monday. Apple's reasoning was that the domain was being used as a command-and-control server for computers infected with the Flashback Trojan. Sharov notes, though, that the domain is actually hosting a "sinkhole," a spoofed C&C server used to monitor computers linked in the Flashback botnet.
"They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users," says Sharov. "This seems to mean that Apple is not considering our work as a help. It’s just annoying them." He suggests that Apple was making an honest mistake, if one linked to its failure to communicate. "We’ve given them all the data we have," he comments. "We’ve heard nothing from them until this."
Dr. Web is best known for calling attention to the size of the Flashback botnet, which recently reached 600,000 Macs. Forbes notes that another security firm, Kaspersky, validated Dr. Web's findings on Friday, but has neither talked to Apple about the matter nor heard anything from the company. A statement from Kaspersky researcher Kurt Baumgartner says that "from what we’ve seen, Apple is taking appropriate action by working with the larger internet security community to shut down the Flashfake [also known as Flashback] C2 domains. Apple works vigorously to protect its brand and wants to rectify this."
Sharov is more critical of Apple for taking too long to fix the Java vulnerability exploited by Flashback, noting that Oracle patched it over a month ago, and that shutting down a single domain is useless, since there are "dozens" of domains currently running the botnet. Over 1 percent of Macs are thought to be infected, though Flashback is currently being used for click fraud rather than something more serious, such as credit card theft.