Apple Tries to Cut off Security Firm's Server
It was recently revealed that Apple attempted to shut down a server belonging to the security firm that first discovered the Flashback malware. The process gave the public insight into how Apple handles third-party assistance.
According to Forbes, Boris Sharov, the chief executive of the relatively unknown Russian security firm, Dr. Web, was notified by the web registrar Reggi.ru that Apple had requested the shut-down of a domain belonging to the Moscow company on claims that it was being used as a “command and control” for Macs affected by Flashback.
According to Sharov, “they told the registrar this [domain] is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users. This seems to mean that Apple is not considering our work as help. It’s just annoying them.” The domain in question was one of three that Dr. Web was using to monitor the spread of Flashback in what researchers call a “sinkhole”, otherwise known as a spoofed command and control server. This technique allowed the firm to uncover the Trojan that has infected roughly 600,000 Macs.
Apple may have requested the shutdown prematurely, before investigating the background of the server, which is a common occurrence in this scenario. Sharov believes that this move was a mistake on Apple’s end. What makes the whole situation a bit more confusing is the fact that Apple likes to be secretive. It is assumed that Apple is looking to put an end to Flashback by shutting down command and control servers. The Cupertino, California company has even pushed two Java updates in the past week in an attempt to catch up with the malware, a move that some see as too little, too late.
According to Sharov, “The safety of Macintosh computers is going down very quickly and they’re thinking what to do next. They’re thinking about how to manage a future where Mac is no longer safe.”