…and, back on the MacDefender case (yawn…) …
- bleepingcomputer.com has removal guides for several variants, plus a removal tool courtesy of Lawrence Abrams. I haven’t checked them out personally, but I’ve no doubt they’ll be carefully done, as usual. The guides are linked from Security Garden: thanks, Corrine, for the pointer update. Also to Randy Knobloch for his continuing and valued input: interesting that so much of the useful information on this stuff is coming from MS-qualified professionals. I can’t say I’ve noticed a similar information flow the other way with respect to Windows problems. 😉
- Brian Krebs also weighs in (hat tip to @virusbtn for flagging his article). While he neatly summarizes some of the issues, two of the really interesting angles are that:
  - The money trail goes back to Chronopay, a huge online payment processing operation in Russia and a long-time player in the fake AV market.
  - He’s noted a couple of domain names not used yet (appledefence.com and appleprodefence.com) that suggest fake product names in the pipeline. Interesting that the names use the UK-ish spelling *defence rather than the USian *defense. I wouldn’t have thought that Russian gangs favour UK finishing schools…

  Great investigative work, as usual.
David Harley CITP FBCS CISSP
Small Blue-Green World