Posted by: David Harley | May 28, 2011

Follow the money when it changes address

I’ve already mentioned Brian Krebs’ article on how ChronoPay is implicated in the spread of fake AV for Mac.

Fahmida Y. Rashid has followed up for eWEEK on the story, and notes that the registration data for the domains mentioned in Brian’s article have changed:

“All the contact information appears to have been changed to “Crusader Inc” with a Yahoo e-mail address … the registrar,, had suspended all these domains.”

Meanwhile, Shaun Nichols poses the question “Mac Defender was a security wakeup call, but will Apple and OS X users answer?” Good question, and a thoughtful piece. I would take issue with this passage, perhaps:

“Some experts have suggested that attacks such as Mac Defender are somehow less of a threat because they spread by social engineering.”

I’d have to wonder about the claims to security expertise of anyone who thinks that social engineering isn’t a significant threat. Fortunately, Nichols clearly understands that this isn’t the case:

“While it is true that so-called zero-day attacks are very dangerous, social engineering attacks can be just as damaging.”

Small Blue-Green World 


  1. Excellent follow-up, David, I have been following this with earnest since it broke.

