One of the big stories in the computing world over the last week or so has been the huge number of Mac computers infected with Flashback malware. It was originally reported that about 500k Mac computers were infected with the malware. Third-party companies have already offered tools to discover and remove the malware if your machine is infected, and Apple is said to be working on its own first-party detection and removal tool.
The company that apparently originally discovered the Flashback botnet is speaking out on alleged Apple attempts to shut down one of the company's web domains. The Russian company is called Dr. Web, and its CEO, Boris Sharov, has told Forbes that he learned early this week that Apple had requested that the Russian web registrar Reggi.ru shut down one of Dr. Web's domains. Apple told the registrar that the domain was used as a “command-and-control” server for computers infected with Flashback.
Sharov believes that Apple’s attempt to shut down its domain was a mistake on Apple’s part. The domain in question was one of three that the company was using as a spoofed command-and-control server, dubbed a sinkhole by web researchers, to monitor the collection of hijacked machines. These sinkholes are used to try to understand the behavior of the botnet. Apple has offered no comment on the issue.
“They told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” says Sharov. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”