Apple tries to unplug an AV’s server

Boris Sharov, CEO of Russia-based AV vendor Dr. Web, says that Apple has got serious troubles in solving global security problems. Last week Dr. Web posted a report, according to which a Mac Trojan Flashback had infected more than 550 thousand hosts. Experts managed to extract this information by creating a fake C&C server and evaluating the IDs of machines that were trying to establish the connection to it.

Recently Boris Sharov learned from registrar Reggi.ru that Apple claimed one of Dr. Web’s domains is used as a Flashback С&C server and requested to shut it down. Obviously the domain in question was used by the AV vendor as “sinkhole” in order to monitor the amount of infected machines.

“They told the registrar this (domain) is involved in a malicious scheme. Which would be true if we weren’t the ones controlling it and not doing any harm to users,” states Sharov in an interview for Forbes. “This seems to mean that Apple is not considering our work as a help. It’s just annoying them.”

According to Dr. Web CEO, the attempt to unplug the monitoring server was a pure mistake, but it also was an indication of company’s tight-lipped attitude towards the security community. “We’ve given them all the data we have,” says Sharov. “We’ve heard nothing from them until this.”

Sharov mentioned that he understood Apple’s weird response to the work of his company. “These are not pleasant days for them. They’re not thinking about us. The safety of Macintosh computers is going down very quickly, and they’re thinking what to do next. They’re thinking about how to manage a future where the Mac is no longer safe” he states.