Boris Sharov, chief executive of the relatively unknown Russian security firm Dr. Web, was notified by web registrar Reggi.ru on Monday that Apple had requested the shut-down of a domain belonging to the Moscow company on claims that it was being used as a "command and control" for Macs affected by Flashback, reports Forbes.
âThey told the registrar this [domain] is involved in a malicious scheme. Which would be true if we werenât the ones controlling it and not doing any harm to users,â Sharov said. âThis seems to mean that Apple is not considering our work as a help. Itâs just annoying them.â
The domain in question was one of three Dr. Web was using to monitor the spread of Flashback in what researchers call a "sinkhole," or a spoofed command and control server. This technique allowed the firm to first uncover the trojan that has so far rooted into an estimated 600,000 machines, more than one percent of all operating Macs.
Apple may have prematurely requested the shutdown, which is standard practice in this type of security scenario, before further investigating the background of the server and Sharov believes that the move was merely a mistake.
Adding to the confusion is Apple's notoriously secretive nature. Sharov said that his company has dealt with the oft-maligned Microsoft on similar situations which, unlike Apple, has fostered fruitful working relationships with outside security firms. Apple has not seen a botnet of this scope and therefore does not share the same ties with outside security sources, he adds.
âFor Microsoft, we have all the security response teamâs addresses,â Sharov said. âWe donât know the antivirus group inside Apple.â
Dr. Web chief executive Boris Sharov. | Source: Forbes
By shutting down command and control servers, Apple is looking to quash Flashback, which in its current iteration has created a worldwide botnet by exploiting an unpatched Java vulnerability.
Apple recently pushed out two successive Java updates last week in an attempt to catch up with the malware, but some see the move as too little too late.
âTheir response should have been much earlier when they should have updated their Java,â Sharov said. âNow calling registrars to shut down domains is not as important. The infection has already taken place. There are dozens of domains [controlling] the botnet. Shutting down one does nothing.â
Apple remains closed for comment, and hasn't released any official statement regarding Flashback.
âThese are not pleasant days for them,â Sharov said. âTheyâre not thinking about us. The safety of Macintosh computers is going down very quickly, and theyâre thinking what to do next. Theyâre thinking about how to manage a future where the Mac is no longer safe.â