
Russian Cyber Criminal Unmasked As Creator of "Most Successful" Apple Malware 68

Posted by samzenpus
from the who's-to-blame dept.
DavidGilbert99 writes "It was the malware which affected as many Apple computers as the Conficker worm affected Windows PCs and earned its creator up to $10,000 per day. Until now, no one knew who was behind the Flashback Trojan which hit 650,000 computers last year, but security researcher Brian Krebs has managed to uncover the creator as a 30-year-old Russian cyber criminal."
  • by Nyder (754090) on Thursday April 04, 2013 @12:49AM (#43354999) Journal

    based on how they go after prototypes that get lost, you'd think they got an iDrone heading his way....

    • by PapayaSF (721268) on Thursday April 04, 2013 @01:37AM (#43355137) Journal

      I wouldn't shed a tear if malware authors and spammers started having fatal accidents. In fact, I'd love it if some tech billionaire had a private hit squad for just that purpose.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Well, if you ever have jury duty, I really hope you do try to get out of it. If all else fails, show them this comment and how you believe that's the correct action.

      • by srussia (884021) on Thursday April 04, 2013 @01:55AM (#43355185)

        In fact, I'd love it if some tech billionaire had a private hit squad for just that purpose.

        "I don't need no stinkin' hit squad!" -- John McAfee

      • by tehcyder (746570) on Thursday April 04, 2013 @05:05AM (#43355783) Journal

        I wouldn't shed a tear if malware authors and spammers started having fatal accidents. In fact, I'd love it if some tech billionaire had a private hit squad for just that purpose.

        Indeed, I think they should bring back public hanging (and disembowelling) for anyone caught stealing anything worth more than a loaf of bread. Those were the days! A nice family day out at Tyburn Tree, and if you were lucky they got the rope length wrong and someone's head was ripped clean off.

        Proportionality is everything.

      • Well, that wouldn't be nearly as cool as assembling a posse of nerd Avengers and publicly humiliating the damn bastard in the most awesomely creative way possible. The guilty should live if for no other reason than to suffer the ridicule and retribution of those who've been harmed by said malware.
        • by DarkOx (621550)

          Griefing the griefers is at least a proportional response.

        • by tqk (413719)

          The guilty should live if for no other reason than to suffer the ridicule ...

          Ridicule? $10,000/day and more than half a million computers pwned, he succeeded way beyond his wildest dreams! We can only dream about making a mark that big. No, I don't like malware and spam, but I do appreciate he did what he set out to do, spectacularly. Had I chosen that as a goal, I'd be beaming with pride right now.

      • by ls671 (1122017)

        Then, government agencies would tend to be the only game in town remaining and we may not hear about the need to patch our systems anymore.

      • You are sick if you equate minor inconvenience with your precious Mac computer and a loss of human life.

        • Unfortunately, most people will pay a lot more for Mac computers than they are prepared to pay to prevent human deaths across the world.
        • If people like this make the conscious decision to annoy and possibly wreck other people's lives just for some cash, why should we care about them and what happens to them? Obviously they have made the choice to not live within the common bounds of society and instead have taken to theft and possibly destruction.

          What harm can there be by getting rid of such people rather than having to constantly spend our time and money to undo what they have done?

          • by tqk (413719)

            What harm can there be by getting rid of such people rather than having to constantly spend our time and money to undo what they have done?

            If you're constantly spending time and money undoing what they've done, you're doin' it wrong. You're saying the wall around the Walled Garden is one foot high. People like this are doing you a service showing you how vulnerable you really are.

            Obviously they have made the choice to not live within the common bounds of society ...

            Somebody needs to read Thoreau.

            • by the_B0fh (208483)

              You travel to work in a tank, and have a fully armored environmental suit on at all times right? Because anyone can walk up to you and show you how vulnerable you are at any time.

              This has got to be one of the stupidest arguments against it.

              • by tqk (413719)

                You travel to work in a tank, and have a fully armored environmental suit on at all times right?

                That's the best description of *nix I've seen in a while, thanks.

                Because anyone can walk up to you and show you how vulnerable you are at any time.

                I've no doubt they try. So far, so good. What'd you pay for that foot high walled garden you put your trust in?

                • by operagost (62405)

                  Is your *nix "tank" one on this list? Mind you, this is just the vulnerabilities from one week. Enjoy!

                  QID Sev. Title
                  121024 V 3 Red Hat Update for krb5 (RHSA-2013... (CVE-2012-1016, RHSA-2...)
                  121021 V 3 Solaris Multiple Vulnerabili... (CVE-2012-2733, Solari...) [PCI]
                  121022 V 3 Solaris Multiple Vulnerabili... (CVE-2012-2807, Solari...) [PCI]
                  195324 V 4 Ubuntu Security Notification for L... (CVE-2012-4461, USN-16...)
                  195325 V 4 Ubuntu Security Notification... (CVE-2013-0743, USN-16...) [PCI]
                  195326 V 4

                • You travel to work in a tank, and have a fully armored environmental suit on at all times right?

                  That's the best description of *nix I've seen in a while, thanks.

                  Because anyone can walk up to you and show you how vulnerable you are at any time.

                  I've no doubt they try. So far, so good. What'd you pay for that foot high walled garden you put your trust in?

                  I don't know what is more facepalmier about your post, the fact that you seem to be ignorant to the fact that Mac OS X is *nix, or that you think that thanks to *nix you are safe from harm despite the fact that several people have been "doing you a service showing you how vulnerable you really are", as you put it.

                  Then again, the second is certainly it. The smugness of a Linux user proclaiming how smug Mac users are about security just can't be beaten.

      • by monzie (729782)

        Surely you don't want human beings DYING for spamming. I hate spam and spammers but that does sound a bit over the top.

    • based on how they go after prototypes that get lost, you'd think they got an iDrone heading his way....

      In this case there was no prototype "lost" by the marketing department.

    • by mwvdlee (775178)

      Why? Unlike the lost prototypes, this malware has no positive marketing value, so no need for Apple to bring it to the public attention any more.

    • They have to be that way otherwise Samsung will just rip them off that much faster.

  • by fustakrakich (1673220) on Thursday April 04, 2013 @12:51AM (#43355003) Journal

    Does this mean we won't hear the word 'hacker' anymore?

  • by slackware 3.6 (2524328) on Thursday April 04, 2013 @01:01AM (#43355023)
    I had this nice Russian fellow spoofing my email to spam others. When I discovered this (thanks to an email from an ISP admin in Denmark), I figured out who he was through his ISP in the Ukraine. I then proceeded to phone him at 3am his time every day for weeks. It was awesome. Then after his wife stopped answering the phone and some complaints to his Ukraine ISP, his internet service was canceled.
    • by noh8rz10 (2716597)
      For realsies? That is really impressive.
    • by Anonymous Coward

      Are you sure his computer was not cracked or part of a botnet?

      • If it was, then I did him a favour and notified him his identity was being used to register several questionable domain names.
    • by qaz123 (2841887)
      If he is in the Ukraine, why do you call him Russian?
    • by Anonymous Coward
      If possible pretend you're his gf/mistress when speaking to his wife...

      But if you do that you'd better cover your tracks - coz he might get extremely upset ;).
      • by roman_mir (125474)

        Ronaiah Tuiasosopo, is that you?

      • I assume it was his wife. Could have been his mom. She would get mad and start yelling, then put the dude on the phone and I would yell at him. There was a language barrier. They spoke bad English and I can only speak words and phrases in Ukrainian. Also this was years ago when the internet was way different.
  • Mavook was seeking access to an English-language cyber-crime forum....Uh huh...

    Ah yes, operator, can you connect me with the nearest English-language cyber-crime forum please?... One ringy-dingy, two ringy-dingy, three ringy-dingy..... "You have reached the FBI central call center. All our operators are with another client right now. If you wait on the line, your call will be taken in the order received".. click...

    The whole thing sounds like a cheap novel.

  • Bad summary (Score:5, Informative)

    by Macman408 (1308925) on Thursday April 04, 2013 @01:16AM (#43355075)

    The summary says: "It was the malware which affected as many Apple computers as the Conficker worm affected Windows PCs..."
    This is obviously inaccurately rewritten from what Krebs said, which is "...Flashback [was] roughly as common for Macs as the Conficker Worm was for Windows PCs."

    Those are not equivalent statements. The summary is equating raw numbers, while TFA is equating percentages.

    Sorry, I just read that sentence and thought "no way in hell is that true." As confirmation, Wikipedia says Flashback hit 600,000 Macs [wikipedia.org], while Conficker infected between 9 and 15 million PCs [wikipedia.org].

    • The summary says: "It was the malware which affected as many Apple computers as the Conficker worm affected Windows PCs..."
      This is obviously inaccurately rewritten from what Krebs said, which is "...Flashback [was] roughly as common for Macs as the Conficker Worm was for Windows PCs."

      Those are not equivalent statements. The summary is equating raw numbers, while TFA is equating percentages.

      Sorry, I just read that sentence and thought "no way in hell is that true." As confirmation, Wikipedia says Flashback hit 600,000 Macs [wikipedia.org], while Conficker infected between 9 and 15 million PCs [wikipedia.org].

      It should also be noted that Conficker wasn't the malware with the largest number of infections (which has often been claimed when that comparison was first made a year ago), let alone percentage of infected computers. That honor belongs to the ILOVEYOU virus [wikipedia.org] from 2000.

      " Within ten days, over fifty million infections had been reported,[6] and it is estimated that 10% of internet-connected computers in the world had been affected."

    • The summary says: "It was the malware which affected as many Apple computers as the Conficker worm affected Windows PCs..." This is obviously inaccurately rewritten from what Krebs said, which is "...Flashback [was] roughly as common for Macs as the Conficker Worm was for Windows PCs."

      Those are not equivalent statements. The summary is equating raw numbers, while TFA is equating percentages.

      Sorry, I just read that sentence and thought "no way in hell is that true." As confirmation, Wikipedia says Flashback hit 600,000 Macs [wikipedia.org], while Conficker infected between 9 and 15 million PCs [wikipedia.org].

      You are right the summary can be interpreted as meaning actual numbers and not percentages. I didn't read it that way but maybe because I knew from before that Mac Flashback is the biggest malware epidemic in modern times in terms of percentage of user base affected (most accounts actually have it "beating" Conficker on Windows [pcworld.com]).

      Of course the Windows user base is much bigger. But percentage of user base affected is the right metric to use if you want to look at risk of infection and infectability on a pla

      • by Anonymous Coward

        You are right the summary can be interpreted as meaning actual numbers and not percentages.

        It's not a matter of interpretation, that's what it says: "affected as many Apple computers as the Conficker worm affected Windows PCs".

        This is still not a comparison Windows vs Mac in general, just the worst case from each platform

        Actually that's exactly what the statement was. And frankly, I'm getting more than a little tired of hearing about it. Comparing all Windows versions to all Mac versions makes no more sense than arguing about which automobile maker has a better mile-per-gallon rating and including every model they've ever made in history.

        But it should be a much bigger wake-up call to the "Mac can't be infected" people than it was.

        It won't be. Those people survive by consuming rhetor

  • and if the developer was a truly genius malware creator, then maxim is shitting his pants because it really wasn't him.
  • 1. All that was mentioned is that the person claimed to be an author of Flashback in a private message on a board for malware authors.

    2. The translation in the image is wrong. It says "I specialize in finding exploits and creating bots". The original Russian text is "[my] specialty is creating exploits and bots". The whole exchange is about the person communicating with mavook mentioning something that may be "still relevant", asking mavook how he would want to be introduced:

    Hi!
    Is it still relevant?
    If so, respond with something like, nick, area of activity (how to introduce you).
    We will solve the problem in 2-3 days.

    mavook responds:

    any random nick macbook for example
    creator of flashback botnet for macs
    specialty is creating exploits and bots

    (Capitalization and punctu

  • So what is Brian Krebs doing right that the Russian security services can't manage. Are they that useless?

    • Not useless, complicit.

      Regarding the FSB, "There is no such thing as a former Chekist." -- Vladimir Putin

    • Sure, multiple squads of Russian police are on their way now to arrest mavook! Just tell them that the only evidence that he is the creator of flashback is his forum signature.

      • by fazey (2806709)
        Until he simply leaves them a significant bribe in a care package. Then they make up a story that he was killed in the arrest.
  • by fazey (2806709)
    I love how security researchers go "OMG I FOUND HIM... because he told me he made it."

    btw, I made microsoft windows.
