Russian payment firm could be behind Mac Defender scam
Evidence is mounting that a Russian payment processing firm may be behind the Mac Defender malware scam that has suddenly brought the issue of Mac viruses into the limelight. Security researchers at Microsoft noted that the software shares some similarities with fake antivirus products intended for Windows machines (http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx).
Security researcher Brian Krebs has also been able to trace the application back to ChronoPay, a firm that has been involved in scareware scams in the past (http://krebsonsecurity.com/2011/05/chronopay-fueling-mac-scareware-scams/). Krebs scanned the WHOIS information of domains that victims were being sent to, and found contact e-mails matching those of other ChronoPay-linked domains.
The email address "[email protected]" is known to belong to the site's financial backer Alexandra Volkova. ChronoPay owns the mail-eye.com domain, and is also the registrant of the scam domains victims of the Mac Defender scam are being sent to.
Microsoft's findings validate Krebs's, noting that the payment pages for Mac Defender are nearly identical to those of its Windows counterparts. Those applications are already known to have originated from those linked to ChronoPay.
It is not clear what, if anything, Apple may be able to do now that the identity of those behind the malware attacks, which have shaken the ironclad image of the Mac OS, is known. Since ChronoPay is Russian-based, Apple will likely need to fight the company in Russian courts.
While the country has done much to curb issues of piracy and other Internet crimes within its borders, actual enforcement of laws on the books hasn't been so successful. The record industry's long fight with AllofMP3 in the middle of the last decade is a good example.
In the meantime, all Apple can do is to continue to educate consumers, which it has started to do by acknowledging the malware's existence and giving tips on how to remove it. The company may have to act quicker, though: new variants are making it easier than ever to get infected.