The Saga Of MacDefender Continues With New Alias: MacGuard
Joe Purcell Staff Writer
2011-06-09
Less than a month ago, a malware program posing as antivirus software made headlines as the first widespread virus for Apple's OS X. This phishing virus, first known as MacDefender, is spread through SEO poisoning and pretends to be an antivirus program, but aims to obtain the user's credit card information by getting the user to purchase the product. Within eight hours of Apple's security update, the malware was re-released under a new alias: MacGuard. Who is involved and how serious a threat the malware poses are both of concern to security.
The program has been linked to Russia's largest payment processing firm, ChronoPay. As one article explains, the two domains associated with MacDefender, appledefence.com and appleprodefence.com, were both linked to ChronoPay. The company has also been linked to other scareware programs in the past. A 2009 Washington Post article notes that Kaspersky Lab was "tracking at least 25 different rogue anti-virus products that use Chronopay for payments."
Brian Krebs, a security expert who reported for the Washington Post, met in 2009 with ChronoPay's CEO, Paul Vrublevsky, who denied any association with malicious programs. Since then, an employee of the company has leaked "internal documents and emails, which showed how integral ChronoPay was to the rogue anti-virus industry."
When Mr. Krebs met with him again earlier this year, the CEO's attitude was much different. He admitted that some of ChronoPay's clients were letting other entities use their processing accounts for shady business. Yet the CEO states that this is "what high-risk payment service providers do." He explains that "most payment service providers basically register the companies themselves and monitor the whole [operation] from the inside."
ChronoPay likely hasn't been more involved with its clients' dealings because it operates in a high-risk market. The company recently claimed innocence regarding the MacDefender virus:
"ChronoPay completely and totally disavows the most recent blog postings and publications alleging a connection between ChronoPay and MacDefender and assures our customers that our company is not involved with MacDefender in any way, nor are we involved with any virus production as has been alleged."
Though ChronoPay may not be directly involved, Mr. Krebs' investigation as well as the leaked documents link the company to shady antivirus programs. Perhaps treading on Apple's territory will change its hands-off approach to client business.
Apple finally responded to MacDefender on May 31 with a security update that automatically removes the program. Within eight hours, a modified version of the virus called MacGuard appeared.
The program has been known by other aliases as well, such as MacProtector, MacSecurity, and MacBookProtection. The security firm Intego, which focuses solely on the Mac, has stayed on top of the latest developments since the release of MacDefender and MacGuard and shows on its site how to disable them.
All in all, Apple's OS X remains at the top in terms of security, and the threat this malware program poses is minimal since it requires users to manually install the program. Mac users should check out Apple's support document (last updated yesterday) to remove the malware, and can prevent future attacks of this kind by disabling the option to open safe files after downloading in Safari, as Intego suggests. Time will show just how stable Apple's operating system is as its popularity grows.
About the Author:
Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.