I’ve already mentioned Brian Krebs’ article on how ChronoPay is implicated in the spread of fake AV for Mac.
Fahmida Y. Rashid has followed up for eWEEK on the story, and notes that the registration data for the domains mentioned in Brian’s article have changed:
“All the contact information appears to have been changed to ‘Crusader Inc’ with a Yahoo e-mail address … the registrar, Czech-company Webpoint.name, had suspended all these domains.”
Meanwhile, Shaun Nichols poses the question “Mac Defender was a security wakeup call, but will Apple and OS X users answer?” Good question, and a thoughtful piece. I would take issue with this passage, perhaps:
“Some experts have suggested that attacks such as Mac Defender are somehow less of a threat because they spread by social engineering.”
I’d have to wonder about the claims to security expertise of anyone who thinks that social engineering isn’t a significant threat. Fortunately, Nichols clearly understands that this isn’t the case:
“While it is true that so-called zero-day attacks are very dangerous, social engineering attacks can be just as damaging.”
David Harley CITP FBCS CISSP
Small Blue-Green World
Excellent follow-up, David. I have been following this in earnest since it broke.
Cheers,
By: Randy Knobloch on May 29, 2011 at 04:24