Dr Mac is the security firm that discovered last week’s all-Mac botnet, something that is pretty unprecedented for the operating system. After sending Apple the findings of their research, Dr Mac heard nothing. And while it technically has yet to acknowledge Dr Mac at all, the fact that Apple attempted to nix the group’s monitoring servers shut down suggests it’s very aware of the situation.
According to Forbes, Apple believed Dr Web to be part of the botnet, when in reality, it had set up a spoofed machine to collected as much data on the attack as it could.
Boris Sharov, chief executive of the Moscow-based security Dr. Web says he learned Monday from the Russian Web registrar Reggi.ru that Apple had requested the registrar shut down one of its domains, which Apple said was being used as a “command and control” server for the hundreds of thousands of PCs infected with Flashback. In fact, that domain was one of three that Dr. Web has been using as a spoofed command and control server–what researchers call a “sinkhole”–to monitor the collection of hijacked machines and try to understand their behaviour, the technique which allowed the firm to first report the size of Apple’s botnet last week.
Forbes points out that not many had heard of Dr Web before this, and that it’s very possible Apple was just playing it safe. But considering Apple has the ability to track down the source of even the smallest info leaks, you’d think it’d be able to properly figure out what Dr. Web is about, no? [Dr Web via Forbes]