5th April 2013, 07:06 | #1
Krebs outs Apple Flashback hacker
Security expert Brian Krebs has identified the Russian hacker who made a fortune out of the poor security on Apple's operating system last year.
Despite claiming that only Windows machines suffered from malware, Apple was forced to release a software update to halt the spread of the Flashback trojan last year.
More than 650,000 Mac OS X systems were infected through a vulnerability in Apple's version of Java.
Flashback was the first OS X malware to be "VMware aware" and know when it was being run in a virtual environment. It was also the first to disable XProtect, OS X's built-in malware protection program. All this made it as common on Macs as the Conficker worm was on Windows PCs.
It could have been a lot worse. All Flashback wanted to do was redirect Google results to third-party advertisers so that the author could make a lot of dosh. At one point he was making $10,000 a day which is nice money if you can get it.
It used a social engineering trick of presenting the OS X user with a bogus Flash Player installation prompt. Apple fanboys had been programmed to believe that they were totally safe because Apple software was totally secure. If any reporter mentioned how unsafe the OS was they received angry emails telling them that "no virus (sic) had ever been written for Apple gear."
Krebs took a year to track down the malware's author. He hangs out on many of the same forums as the world's top spammers and was an active and founding member of BlackSEO.com, a closely guarded Russian-language forum dedicated to spam.
Working under the handle Mavook he claimed responsibility for creating Flashback to a senior forum member and was seen trying to gain access to another spam/hacker site Darkode.
Mavook said that his Darkode nickname should not be easily tied back to his BlackSEO persona, and suggested the nickname "Macbook."
He also states that he is the "Creator of Flashback botnet for Macs," and that he specializes in "finding exploits and creating bots."
Mavook gives all sorts of details about his activities, which allowed Krebs to work out who he was. He found that his webpage was registered in 2005 by a Maxim Selikhanovich in Saransk, the capital city in Mordovia.
This name was used to gain several email addresses and was registered in the now defunct Website saransk-offline.com, which at one point sold cheap MP3 files.
One of the emails used by Maxim for that Website and a related site was "email@example.com," which was the same email used to register a now-deleted Facebook account under a Maxim Selikhanovich from Saransk.
One of the email addresses for Selikhanovich was firstname.lastname@example.org, the contact for a business in Saransk called mak-rm.com, a domain name registered to an IT-outsourcing and Web design firm in Saransk called the Mordovia Outsourcing Company. That domain is registered to a "Max D. Sell" in Saransk.
The Mordovia Outsourcing Company was registered and founded by one Maxim Dmitrievich Selihanovich, a 30-year-old from Saransk, Mordovia.