Microsoft's botnet shutdown won't stop Mac malware

Filed Under: Apple, Botnet, Data loss, Featured, Law & order, Malware, Microsoft, OS X, Spam

There has been much discussion of the shutdown of the Kelihos botnet this week by Microsoft and Kaspersky. It is the third such action by the Microsoft Active Response for Security (MARS) initiative in recent memory.

Taking down botnets is always good news, and even better, Microsoft named an individual defendant in its US court case this time.

The owner of the cz.cc domain, Dominique Alexander Piatti, was named and Microsoft received permission from the court to disable the entire cz.cc domain and several other abused .com registrations.

cz.cc subdomains are frequently seen being used for all sorts of botnet control, fake anti-virus, spam sites and for other malicious purposes.

SophosLabs have protected our Sophos Web Security Appliance and endpoint web customers from cz.cc domains for quite some time due to the high number of dangerous sites.
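Blocking a whole abused zone such as cz.cc means matching every hostname beneath it, not just the apex. The script below is an added example (not Sophos code) of how a defender can check proxy log lines against a list of blocked parent zones; the zone list, the log lines and the hostnames in them are constructed for illustration and are not real indicators. It matches on a label boundary so that "notcz.cc" is not caught while "anything.cz.cc" is, and it normalises case, trailing dots and ports before comparing.

```python
"""Parent-zone blocklist check over constructed proxy log lines (added example)."""
import re
from typing import Iterable, List, Tuple

# Constructed blocklist: every subdomain of these zones is treated as blocked.
BLOCKED_ZONES = ("cz.cc",)

# Rough pattern for the URL field of a squid-style access log line.
URL_HOST = re.compile(r"https?://([^/\s:]+)(?::\d+)?", re.IGNORECASE)


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a :port so variants compare equal."""
    host = host.strip().lower().rstrip(".")
    if ":" in host and not host.startswith("["):
        host = host.split(":", 1)[0]
    return host


def is_blocked(host: str, zones: Iterable[str] = BLOCKED_ZONES) -> bool:
    """True if host is a blocked zone or lies anywhere beneath one.

    The comparison is done on a label boundary: 'evil.cz.cc' matches,
    'notcz.cc' and 'cz.cc.example.com' do not.
    """
    h = normalize_host(host)
    for zone in zones:
        z = normalize_host(zone)
        if h == z or h.endswith("." + z):
            return True
    return False


def hosts_from_line(line: str) -> List[str]:
    """Extract every URL host that appears in one log line."""
    return URL_HOST.findall(line)


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (normalized_host, line) for every line touching a blocked zone."""
    hits = []
    for line in lines:
        for host in hosts_from_line(line):
            if is_blocked(host):
                hits.append((normalize_host(host), line))
    return hits


# Constructed sample log lines; the hostnames are placeholders, not real sites.
SAMPLE_LOG = [
    "1317081600.123 200 10.0.0.5 TCP_MISS/200 1234 GET http://update.example.com/flash.dmg - DIRECT/192.0.2.10 application/octet-stream",
    "1317081601.456 300 10.0.0.6 TCP_MISS/200 5678 GET http://login.placeholder-sub.cz.cc/av/scan.php - DIRECT/192.0.2.11 text/html",
    "1317081602.789 150 10.0.0.7 TCP_MISS/200 910 GET http://notcz.cc/index.html - DIRECT/192.0.2.12 text/html",
    "1317081603.000 120 10.0.0.8 TCP_MISS/200 111 GET http://CZ.CC./ - DIRECT/192.0.2.13 text/html",
]

if __name__ == "__main__":
    for host, line in scan_log(SAMPLE_LOG):
        print(f"blocked zone hit: {host} <- {line}")
```

Run against the constructed sample, two lines are flagged (the subdomain and the mixed-case apex with a trailing dot); the look-alike "notcz.cc" is left alone. In production the same check would sit in front of a proxy or DNS resolver rather than run over logs after the fact.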

Some journalists were also commenting on Microsoft's mention of the Mac Defender malware having been hosted on cz.cc domains. Some suggested that this would stop the criminals from targeting OS X users.

The vanishing of Mac Defender is much more likely the result of the arrest of Pavel Vrublevsky and of the FBI's other fake anti-virus arrests.

We have seen two new Trojans for OS X just this week which join botnets and can be used to steal sensitive data. One was built to look like a PDF file and the one Graham wrote about today pretended to be a Flash Player updater.

The sad fact is that Mac users are increasingly being targeted by these digital thugs and need to take security very seriously. Even without the threat from cz.cc domains Mac users should take advantage of our free Sophos Anti-Virus for Mac Home Edition.

Just as there are now botnets, data stealers and remote control malware for OS X, criminals will find domain name registration services other than cz.cc.

While all of us will be a little safer without Kelihos and cz.cc, we still need to take security seriously for our own peace of mind (and data security).


4 Responses to Microsoft's botnet shutdown won't stop Mac malware

  1. Vito · 937 days ago

    Thanks to Sophos for SAV for Mac Home Edition...and for continuing to carry to Mac users the message that they cannot afford to be complacent about security.

  2. Jon · 936 days ago

    I applaud any efforts to improve security and I fully understand that a large number of Mac users seem to think they are immune to any sort of threat. I can't help but wonder why Mac users are getting offered a freebie though. How is this being paid for? I feel as though I'm subsidizing these users.

  3. Hoop · 936 days ago

    True, Mac users are just as vulnerable (if not more) than anyone else because of their false sense of security.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.