Posted by: David Harley | May 27, 2011

MacDefender: removing the malware and following the money

…and, back on the MacDefender case (yawn…) …

  • has removal guides for several variants, plus a removal tool courtesy of Lawrence Abrams. I haven’t checked them out personally, but I’ve no doubt they’ll be carefully done, as usual. The guides are linked from Security Garden: thanks, Corrine, for the pointer update. Also to Randy Knobloch for his continuing and valued input: interesting that so much of the useful information on this stuff is coming from MS-qualified professionals. I can’t say I’ve noticed a similar information flow the other way with respect to Windows problems. 😉
  • Brian Krebs also weighs in (hat tip to @virusbtn for flagging his article). While he neatly summarizes some of the issues, two of the really interesting angles are that:
    • The money trail goes back to ChronoPay, a huge online payment processing operation in Russia and a long-time player in the fake AV market.
    • He’s noted a couple of domain names not yet used that suggest fake product names in the pipeline. Interesting that the names use the UK-ish spelling *defence rather than the USian *defense. I wouldn’t have thought that Russian gangs favour UK finishing schools…

Great investigative work, as usual.

Small Blue-Green World
