SECURITY WRITER BRIAN KREBS MAY HAVE FOUND A LINK CONNECTING RUSSIAN PAYMENT PROCESSOR CHRONOPAY WITH SOME OF THE RECENT MAC SCAREWARE SOFTWARE IN CIRCULATION.
It appears that a Russian online payment company may be behind the rogue antivirus MacDefender scam that has dominated security headlines for the past few weeks.
A few days after the first attacks surfaced, users on Apple support forums reported that the Mac malware was directing them to mac-defence.com and macbookprotection.com to pay for the scareware, wrote Brian Krebs on May 27 on his Krebs on Security blog. Both of these domains have the “distinct fingerprint” of ChronoPay in their registration records, according to Krebs.
Both domains included the contact address fc@mail-eye.com in the WHOIS information, Krebs found. Several internal documents and emails were leaked after ChronoPay suffered a security breach last year, and those documents revealed that the company owns the mail-eye.com domain and operates it using virtual servers in Germany, according to Krebs. The records also indicated that the email address belonged to ChronoPay’s financial controller Alexandra Volkova. Krebs identified multiple Mac security-related domains that have not shown up in rogue antivirus scams, such as appledefence.com and appleprodefence.com.