
Microsoft saved Mac users


29.09.11, 13:08, Msk
Text: Sergey Mazharov

The exposure of the Kelihos botnet for Mac, in which Microsoft took an active part, is complete. The fraudsters distributing fake software lost $72 million.

Users of Mac computers can thank Microsoft for the suppression of a small but rather malicious botnet. On Monday, at the company's request, a federal judge in the state of Virginia ordered the provider VeriSign to shut down nearly twenty domains connected to the servers that controlled the Kelihos botnet.

According to Microsoft, one of these domains, cz.cc, included machines that for several weeks last spring distributed a large amount of fake antivirus software for Macs.

The fake software, known as scareware or rogueware, began harming users at the beginning of May, and this continued for two months. Like the similar (and far more widespread) software that threatens PCs running Windows, the malicious software for Mac told users of Apple computers that their machine was heavily infected. After installation, the fake antivirus wore users down with pop-up windows and false warnings until they paid for the useless program.

Microsoft notes that the domain cz.cc "was investigated as a host of subdomains responsible for the distribution of MacDefender", the most frequently used scareware program for Mac at the outset. Several IT security companies analyzed MacDefender in May and June and agreed with this statement by Microsoft.

The French company Intego and the British company Sophos stated that the subdomains serving MacDefender included some that belonged to the cz.cc domain shut down by VeriSign.

Chet Wisniewski, a security researcher at Sophos, speaking about the mechanism for redirecting users from hacked websites to sites hosting scareware for Mac, noted that the names of the websites leading to MacDefender varied and that the sites were often already compromised, although they were in the .com domain space. "I cannot confirm that MacDefender spread only through cz.cc, but the percentage was high."

However, both Wisniewski and Peter James, a representative of Intego, said that this action by Microsoft was, in essence, debatable.

According to Wisniewski, MacDefender began to disappear after the arrest of Pavel Vrublevsky in June. Wisniewski was referring to the man accused of hacking a competitor, the Russian company ChronoPay, which allegedly processed credit card payments for distributors of fake software. Vrublevsky's arrest was the result of an operation in the USA and several other countries to shut down the activity of cybercriminals responsible for distributing a large amount of scareware for PCs running Windows.

At that time, Operation Trident Tribunal caught up with criminals who had presumably used scareware to infect about one million computers. As a result, the fraudsters did not receive $72 million in income.

James agrees that the influence of MacDefender seems to have decreased. "I think a combination of noise in the press and the arrests of some people for creating a fake antivirus stopped its activity or put it into a dormant state," the analyst emphasized.

The suppression of the Kelihos botnet was carried out as part of an operation under the general name Operation b79.