Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Russian coder caught boasting about creating Flashback Mac Trojan

Security blogger tracks down name

Article comments

Prominent security blogger Brian Krebs has traced a Russian coder who appears to be happily taking credit for the most successful example of Mac OS X malware in history, last year's infamous Flashback Trojan.

Krebs said he spotted an individual using the ‘Mavook’ nickname a year ago on a Russian language forum dedicated to black hat SEO.

Mavook, it turned out, had listed Flashback as one of his accomplishments when trying to join another invite-only forum, an easy boast perhaps but not one that would be easy to pass off in the sort of company that frequents such places.

Connecting him to the domain, Krebs discovered that although the person registering  this domain was now hidden behind Whois privacy protection, he was still able to identify an individual from the Russian city of Saransk using older lookups.

Krebs also ties the named 30 year-old man to a defunct website and an outsourcing firm that a Russian contact was able to confirm had been founded by the suspect.

Is the individual named by Krebs really the culprit or someone who might be because they mentioned it as part of their CV?

The methodology is reasonable, the stream of clues tantalising, and it would confirm the widespread assumption (including by Russian security firms) that a Russian coder was behind the malware.

However, Krebs stops short of accusing the man directly in his carefully-worded analysis. Few suspected cybercriminals from Russia and its environs are ever detained or even investigated by police in those countries so corroborating evidence is unlikely to appear.

Flashback did achieve something that PC advocates had conspicuously failed to do in a decade of trying, namely undermine the illusion that Apple’s computers are immune to serious malware.

As subsequently became clear, Flashback’s purpose was simple click fraud that probably made its author a fairly modest sum by cybercriminal standards after security companies nixed its command & control servers before payments could be tallied.

Ironically, the PC focus of most security vendors was one factor that meant the issue went under-reported until it had grown to as many as 850,000 infections, a gigantic number by previous Mac standards.

Flashback was first picked up by Mac security company Intego and Russian company Dr Web in late 2011 but by early 2012 infections had soared.

Overwhelmingly its Mac victims were unprotected by security software that might have caught it - easy meat in other words. Its scale only became apparent when security firms broke into the command & control.

Things got bad enough for Apple-happy Oxford University’s IT department to issue a public notice on the scale of infections it had suffered among students and faculty members.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *