Old Aug 4, 2011, 02:34 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Raid on Russian Firm May Have Taken Down MacDefender Malware




MacDefender was the most significant malware attack on the Mac in years, if ever. The threat started in May, infecting many less-savvy Mac users, and had become widespread enough that Apple was forced to release a special anti-malware security fix. The software would be downloaded when users visited certain websites and, once installed, looked to be legitimate anti-virus software. Unsuspecting users would get warnings of viruses infecting their system. By entering their credit card number, users could pay to "remove" the viruses.

Except it was all fake. There were no viruses, just a piece of software trying to trick users into handing over their credit card numbers.




The hidden developer behind MacDefender continued to release new variants of the malware into the wild, resulting in a cat-and-mouse game as Apple continued to ban new variants of the software.

Then, one day, MacDefender simply disappeared. Richard Gaywood, at TUAW, pointed out that Apple hadn't updated its malware definitions -- the code designed to kill MacDefender -- since June 18.

Brian Krebs might have the answer:
Quote:
On June 23, Russian police arrested Pavel Vrublevsky, the co-founder of Russian online payment giant ChronoPay and a major player in the fake AV market.

[...]

In May, I wrote about evidence showing that ChronoPay employees were involved in pushing MacDefender -- fake AV software targeting Mac users. ChronoPay later issued a statement denying it had any involvement in the MacDefender scourge.

But last week, Russian cops who raided ChronoPay's offices in Moscow found otherwise. According to a source who was involved in the raid, police found mountains of evidence that ChronoPay employees were running technical and customer support for a variety of fake AV programs, including MacDefender.

The last release of MacDefender occurred on June 18. ChronoPay's offices were raided on June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.

Article Link: Raid on Russian Firm May Have Taken Down MacDefender Malware
MacRumors is offline   8 Reply With Quote
Old Aug 4, 2011, 02:37 PM   #2
Lesser Evets
macrumors 68030
 
Lesser Evets's Avatar
 
Join Date: Jan 2006
THROW AWAY THE KEY... or shoot them.
__________________
2x1.86 BSEL Pro 1,1; 5770; 16GB RAM
Lesser Evets is offline   2 Reply With Quote
Old Aug 4, 2011, 02:37 PM   #3
b-rad g
macrumors 6502a
 
b-rad g's Avatar
 
Join Date: Jun 2010
Haha! Got em!
b-rad g is offline   2 Reply With Quote
Old Aug 4, 2011, 02:38 PM   #4
Ryth
macrumors 65816
 
Join Date: Apr 2011
Quote:
Originally Posted by Lesser Evets View Post
THROW AWAY THE KEY... or shoot them.
Siberia baby!
Ryth is offline   8 Reply With Quote
Old Aug 4, 2011, 02:39 PM   #5
GQB
macrumors 65816
 
Join Date: Sep 2007
To the GULAG with them!
GQB is offline   4 Reply With Quote
Old Aug 4, 2011, 02:43 PM   #6
deannnnn
macrumors 68000
 
deannnnn's Avatar
 
Join Date: Jun 2007
Location: New York City & South Florida
This is good news. MacDefender got my Dad. He, like many Mac users infected with the malware, is one of those people that clicks "okay" to anything just to get the windows to go away.
__________________
MacBook Pro (Retina) / iPhone 5S
deannnnn is offline   3 Reply With Quote
Old Aug 4, 2011, 02:43 PM   #7
MBP13
macrumors 6502
 
Join Date: Mar 2011
Way to go! I'm glad the ringleader of all of this crap was finally captured.
MBP13 is offline   5 Reply With Quote
Old Aug 4, 2011, 02:43 PM   #8
8ate8
macrumors member
 
Join Date: Nov 2010
Location: Central Jersey
In Soviet Russia, anti-virus software....

No, I'm not gonna go there...
8ate8 is offline   15 Reply With Quote
Old Aug 4, 2011, 02:44 PM   #9
taigebu
macrumors newbie
 
Join Date: Aug 2011
Thank god Vladimir Poutine was infected, otherwise this would have never happened
taigebu is offline   7 Reply With Quote
Old Aug 4, 2011, 02:46 PM   #10
applefan289
macrumors 68000
 
Join Date: Aug 2010
Location: USA
Justice has been served.
applefan289 is offline   -1 Reply With Quote
Old Aug 4, 2011, 02:47 PM   #11
D 5
macrumors member
 
Join Date: Jun 2007
It was Apple's secret service, I tell you
D 5 is offline   10 Reply With Quote
Old Aug 4, 2011, 02:52 PM   #12
milbournosphere
macrumors 6502a
 
milbournosphere's Avatar
 
Join Date: Mar 2009
Location: San Diego, CA
In Soviet Russia, malware...oh screw it, I'm just happy to see them arrested.
milbournosphere is offline   0 Reply With Quote
Old Aug 4, 2011, 02:53 PM   #13
tharoc
macrumors newbie
 
Join Date: Jun 2010
Location: Phoenix, Arizona
Sorry comrade...no Stoli for you...
tharoc is offline   1 Reply With Quote
Old Aug 4, 2011, 02:53 PM   #14
Mr. Retrofire
macrumors 601
 
Mr. Retrofire's Avatar
 
Join Date: Mar 2010
Location: www.emiliana.cl
MR wrote:
Quote:
...infecting many less-savvy Mac users...
How can a trojan horse "infect" a "less-savvy Mac user"? Does it come via the display directly into the body of the said user? Impressive technology!

This sounds like utter rubbish. Not?
Mr. Retrofire is offline   -31 Reply With Quote
Old Aug 4, 2011, 02:57 PM   #15
Tom8
macrumors 6502a
 
Join Date: Oct 2010
Quote:
Originally Posted by 8ate8 View Post
In Soviet Russia, anti-virus software....

No, I'm not gonna go there...
Quote:
Originally Posted by milbournosphere View Post
In Soviet Russia, malware...oh screw it, I'm just happy to see them arrested.
I'll do it for you two:

In Soviet Russia, anti-virus software infects you!
Tom8 is offline   9 Reply With Quote
Old Aug 4, 2011, 02:58 PM   #16
DefiantSoul
macrumors member
 
Join Date: Dec 2004
Maybe I'm being too harsh, but anyone that falls for the old "YOU HAVE VIRUSES!!! Give us your credit card number and we'll get rid of them!" trick deserves what they get.

Last edited by DefiantSoul; Aug 4, 2011 at 02:59 PM.
DefiantSoul is offline   -19 Reply With Quote
Old Aug 4, 2011, 03:00 PM   #17
Gregintosh
macrumors 65816
 
Join Date: Jan 2008
Location: Chicago
I've always wondered why authorities haven't gone after the credit card processors who process the payments for these kinds of scams.

In order to obtain a merchant account, typically you have to submit your company to a full background and credit check, so it should be a piece of cake to follow the money trail right to the door of whoever is profiting from these scams.

Visa and Mastercard (the two biggest credit cards in the US) could also step in and deny merchant services wholesalers that have these kinds of transactions the ability to process Visas or Mastercards, which would effectively kill the offending processors' business and/or make that industry clean up its act.

With a few strategic moves, the financial incentive to put out malware like this (which is all too common) would be greatly diminished and we'd probably see A LOT less of it.
Gregintosh is offline   5 Reply With Quote
Old Aug 4, 2011, 03:03 PM   #18
qtx43
macrumors 6502a
 
Join Date: Aug 2007
So is ChronoPay sort of like Russia's PayPal? Thank goodness that PayPal's execs are more honest ...they are, right?
qtx43 is offline   4 Reply With Quote
Old Aug 4, 2011, 03:03 PM   #19
HBOC
macrumors 68020
 
Join Date: Oct 2008
Location: PDX
I am sure someone will pick up where this guy left off...
__________________
500px
dustingentadventures.com
HBOC is offline   0 Reply With Quote
Old Aug 4, 2011, 03:06 PM   #20
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Mr. Retrofire View Post
MR wrote:
Quote:
...infecting many less-savvy Mac users...

How can a trojan horse "infect" a "less-savvy Mac user"? Does it come via the display directly into the body of the said user? Impressive technology!

This sounds like utter rubbish. Not?
Not. Of course they mean infecting the computers of less-savvy users, which it did, since less-savvy users installed the fake AV when prompted, being gullible enough to believe they were infected by a Mac virus.
GGJstudios is offline   4 Reply With Quote
Old Aug 4, 2011, 03:06 PM   #21
andiwm2003
macrumors 601
 
andiwm2003's Avatar
 
Join Date: Mar 2004
Location: Boston, MA
If true and if they are guilty, I hope the Russian justice system and the Russian jails live up to their image.

Again, if they are guilty, I hope they rot in a jail in northern Siberia for the next 25 years...
andiwm2003 is offline   4 Reply With Quote
Old Aug 4, 2011, 03:07 PM   #22
MacRohde
macrumors regular
 
Join Date: Jun 2004
Location: Copenhagen, Denmark
Quote:
Originally Posted by DefiantSoul View Post
Maybe I'm being too harsh, but anyone that falls for the old "YOU HAVE VIRUSES!!! Give us your credit card number and we'll get rid of them!" trick deserves what they get.
Yeah, you are absolutely being too harsh.

Just because you are a bit trustworthy and/or naive - or just very new to the world of computers - does not mean you "deserve what you get".
__________________
My main systems: iMac 2.7 GHz (Mountain Lion), iPad 2, iPhone 4S.
MacRohde is offline   14 Reply With Quote
Old Aug 4, 2011, 03:10 PM   #23
GenesisST
macrumors 65816
 
GenesisST's Avatar
 
Join Date: Jan 2006
Location: Where I live
Quote:
Originally Posted by taigebu View Post
Thank god Vladimir Poutine was infected, otherwise this would have never happened
Now I'm hungry...

Poutine: http://en.wikipedia.org/wiki/Poutine
Putin: http://en.wikipedia.org/wiki/Vladimir_Putin
__________________
Kenmore microwave, Frigidaire oven, Fisher & Paykel fridge, LG washer & Dryer and Crane toilet
GenesisST is offline   11 Reply With Quote
Old Aug 4, 2011, 03:11 PM   #24
wargasm
macrumors newbie
 
Join Date: Jun 2010
Chop their hands off...
wargasm is offline   3 Reply With Quote
Old Aug 4, 2011, 03:12 PM   #25
jman240
macrumors 6502a
 
Join Date: May 2009
If this is the worst "threat" Mac users see then I find that pretty funny. I mean, it doesn't do anything. Well, other than some small pop-ups and asking for your credit card? Really? That is considered a "major threat..."

Unless it slows down or crashes your computer (ahem, Windows Super Antivirus 2009 (10, 11, etc.)) then it's just annoying. Nice that it's gone though.

My dad actually managed to get this thing [facepalm]. I just deleted it from Applications and presto. Gone. It didn't even leave anything on the system (did a full search). =). Alternatively, removing the fake A/V software on Windows can be a bit of a chore and is best if you catch it early.
jman240 is offline   6 Reply With Quote