Last week, Apple’s security woes made the news when security researchers found that over half a million Macs are currently infected with a malware called Flashback which works to incorporate affected machines into a botnet.
Now comes word that Apple had mistakenly, or at least we hope, to take down one of the domains registered to the security firm which first publicized the problem.
Boris Sharov, chief executive of the Moscow-based security Dr. Web says he learned Monday from the Russian Web registrar Reggi.ru that Apple had requested the registrar shut down one of its domains, which Apple said was being used as a “command and control” server for the hundreds of thousands of PCs infected with Flashback. In fact, that domain was one of three that Dr. Web has been using as a spoofed command and control server–what researchers call a “sinkhole”–to monitor the collection of hijacked machines and try to understand their behavior, the technique which allowed the firm to first report the size of Apple’s botnet last week.
Sharov said that Apple told the registrar that his domain was involved in malicious activity, which leads Sharov to believe that either Apple doesn’t get what it’s doing or finds his company’s work ‘annoying’.
What’s more, and perhaps symptomatic of Apple’s “don’t contact us, we’ll contact you” approach to just about everything, Sharov notes that Dr. Web actually contacted Apple to share its findings and still hasn’t heard back. But to be fair, the article notes that Apple may simply not have been familiar with the research firm Dr. Web. And to be honest, the name does almost seem like a hoax, but I digress.
In any event, Apple last week did release two OS X patches to fix the Java vulnerability the Flashback malware was taking advantage of.