Microsoft’s botnet shutdown won’t stop Mac malware

There has been much discussion of the shutdown of the Kelihos botnet this week by Microsoft and Kaspersky. It is the third such action by the Microsoft Active Response for Security (MARS) initiative in recent memory.

Taking down botnets is always good news, and better still, Microsoft named an individual defendant in its US court case this time.

The owner of the domain, Dominique Alexander Piatti, was named and Microsoft received permission from the court to disable the entire domain and several other abused .com registrations. subdomains are frequently seen being used for all sorts of botnet control, fake anti-virus, spam sites and for other malicious purposes.

SophosLabs have protected our Sophos Web Security Appliance and endpoint web customers from domains for quite some time due to the high number of dangerous sites.

Some journalists were also commenting on Microsoft’s mention of the Mac Defender malware having been hosted on domains. Some suggested that this would stop the criminals from targeting OS X users.

The vanishing of Mac Defender is much more likely the result of the arrest of Pavel Vrublevsky and the other FBI arrests of fake anti-virus operators.

We have seen two new Trojans for OS X just this week which join botnets and can be used to steal sensitive data. One was built to look like a PDF file and the one Graham wrote about today pretended to be a Flash Player updater.

The sad fact is that Mac users are increasingly being targeted by these digital thugs and need to take security very seriously. Even without the threat from domains Mac users should take advantage of our free Sophos Anti-Virus for Mac Home Edition.

The same as there are now botnets, data stealers and remote control malware for OS X, criminals will find domain name registration services other than

While all of us will be a little safer without Kelihos and, we still need to take security seriously for our own peace of mind (and data security).