Apple’s response to the Flashback botnet – Fail
Apple, it keeps telling us, is on top of security. Well, I used to give it the benefit of the doubt on that; but now I’m not so sure. What worries me is not the existence of a massive Mac botnet (Windows suffers from far more), nor even Apple’s response to the finder of the botnet, Russian firm Dr Web. “We’ve given them all the data we have,” said Dr Web’s chief executive Boris Sharov. Apple’s reply? Zilch – but that’s just arrogance, not really anything to worry about, just something we have to accommodate.
It’s the one thing that Apple actually did do that worries me.
The botnet was discovered by Russian firm Dr Web. Not exactly a big name in security, but a good one nevertheless. The company set up three sinkhole servers to help monitor the botnet, estimate its size – and perhaps take it down. Apple’s one actual response? It contacted Russian Web registrar Reggi.ru and asked for one of the servers to be shut down since it was engaged in malicious activity. It wasn’t – it was one of Dr Web’s sinkholes.
Dr Web’s CEO, Boris Sharov, thinks this was an honest mistake by Apple. I suspect it was a dishonest mistake. I suspect it was more to do with Apple attempting to maintain its carefully constructed facade of invulnerability. I suspect that if it had been one of the better-known anti-malware companies that had discovered this 600,000-strong Mac botnet, Apple would have reacted differently. Instead they thought they could keep quiet, try to shut down the botnet by taking down a C&C server and nobody would be any the wiser.
Instead the company has simply shown itself to be a child in an adult’s playground. Poor show, Apple.