Dr. Web is the security firm that discovered last week's all-Mac botnet, something that is pretty unprecedented for the operating system. After sending Apple the findings of its research, Dr. Web heard nothing. And while Apple technically has yet to acknowledge Dr. Web at all, the fact that it tried to have the group's monitoring servers shut down suggests it's very aware of the situation.
According to Forbes, Apple believed Dr. Web to be part of the botnet, when in reality Dr. Web had set up a spoofed machine to collect as much data on the attack as it could.
Boris Sharov, chief executive of the Moscow-based security firm Dr. Web, says he learned Monday from the Russian Web registrar Reggi.ru that Apple had requested the registrar shut down one of its domains, which Apple said was being used as a "command and control" server for the hundreds of thousands of PCs infected with Flashback. In fact, that domain was one of three that Dr. Web has been using as a spoofed command and control server–what researchers call a "sinkhole"–to monitor the collection of hijacked machines and try to understand their behavior, the technique which allowed the firm to first report the size of Apple's botnet last week.
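The sinkhole technique in the quoted passage works because infected machines keep calling home to a domain the researchers now control, and every check-in lands in the sinkhole's logs. Counting those check-ins is how a firm arrives at a botnet size, and how it knows which hosts are infected rather than which hosts are running the sinkhole. The following is an added example, not Dr. Web's code and not a description of Flashback's actual protocol: it parses a constructed sinkhole access log (the `<timestamp> <ip> <method> <path> <status>` layout and the `id=` query parameter are assumptions) and estimates the infected population from distinct bot identifiers rather than raw IP addresses, since NAT puts several bots behind one address and DHCP moves one bot across several.

```python
"""Estimate the size of a botnet from sinkhole check-in logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sinkhole access-log lines; not real Flashback traffic.
# Assumed layout: "<ISO timestamp> <client IP> <method> <path> <status>".
# Two bots share 198.51.100.7 (NAT); bot AAAA-1111 appears from three IPs (DHCP);
# the robots.txt hit is a scanner, not a bot; the last line is garbage.
SAMPLE_LOG = """\
2012-04-09T10:00:01Z 203.0.113.5 GET /ping?id=AAAA-1111 200
2012-04-09T10:00:07Z 203.0.113.5 GET /ping?id=AAAA-1111 200
2012-04-09T10:01:15Z 198.51.100.7 GET /ping?id=BBBB-2222 200
2012-04-09T10:02:30Z 198.51.100.7 GET /ping?id=CCCC-3333 200
2012-04-09T11:05:00Z 192.0.2.44 GET /ping?id=AAAA-1111 200
2012-04-09T11:07:42Z 192.0.2.45 GET /ping?id=AAAA-1111 200
2012-04-09T11:06:00Z 192.0.2.99 GET /robots.txt 404
this is not a log line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<ip>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Hypothetical per-bot identifier carried in the check-in URL.
BOT_ID_RE = re.compile(r"[?&]id=([0-9A-Za-z-]+)")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    id_match = BOT_ID_RE.search(m["path"])
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "ip": m["ip"],
        "path": m["path"],
        "bot_id": id_match.group(1) if id_match else None,
    }


def summarize(log_text):
    """Count check-ins and estimate population by distinct bot id, not by IP."""
    ids, ips = set(), set()
    ids_per_hour = defaultdict(set)   # distinct bots seen in each hour
    ips_per_id = defaultdict(set)     # addresses each bot was seen from
    checkins = other = malformed = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            malformed += 1           # keep garbage out of the estimate
            continue
        if rec["bot_id"] is None:
            other += 1               # scanners, crawlers, curious visitors
            continue
        checkins += 1
        ids.add(rec["bot_id"])
        ips.add(rec["ip"])
        ids_per_hour[rec["ts"].strftime("%Y-%m-%dT%H")].add(rec["bot_id"])
        ips_per_id[rec["bot_id"]].add(rec["ip"])
    return {
        "checkins": checkins,
        "unique_bot_ids": len(ids),
        "unique_ips": len(ips),
        "other_requests": other,
        "malformed_lines": malformed,
        "bots_per_hour": {h: len(s) for h, s in sorted(ids_per_hour.items())},
        "roaming_bots": sorted(b for b, s in ips_per_id.items() if len(s) > 1),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the IP count (4) overstates the population and the per-id count (3) is the figure worth reporting; the `roaming_bots` list is the evidence for why. A sinkhole that only counts addresses will also count the scanner traffic and any researcher poking at the domain, which is the same confusion that led Apple to mistake the sinkhole itself for part of the botnet.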
Forbes points out that not many had heard of Dr. Web before this, and that it's very possible Apple was just playing it safe. But considering Apple has the ability to track down the source of even the smallest info leaks, you'd think it'd be able to properly figure out what Dr. Web is about, no? [Dr. Web via Forbes]