May 27, 2011 16:57 GMT

Details about the recent scareware campaign which infected a lot of Mac computers suggest the involvement of the largest Russian online payment processor, ChronoPay.

The connection was made by IT security blogger Brian Krebs, who has previously investigated ChronoPay and its CEO Pavel Vrublevsky.

ChronoPay's business in Russia is extensive. It processes online payments for many legitimate firms, including airlines and utility companies.

However, the same services are offered to the shady people behind rogue online pharmacies, adult websites, counterfeit software and scareware operations.

In fact, Mr. Vrublevsky is believed to be running in-house scareware affiliate programs himself using ChronoPay's resources.

Evidence in this respect was uncovered in internal documents leaked last year by a hacker who penetrated the company's network.

According to Brian Krebs, the scareware campaign which has recently taken the Mac community by storm bears the ChronoPay hallmarks.

The Mac Defender scareware and its variants were initially distributed from two domain names, mac-defence.com and macbookprotection.com.

Both of those domains were registered using the contact email address [email protected], which Mr. Krebs says is owned by ChronoPay.

"Those documents [the ones leaked last year] show that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that run it. The records also indicate that the [email protected] address belongs to ChronoPay’s financial controller Alexandra Volkova," he writes.

The security blogger reveals that appledefence.com and appleprodefence.com have also been registered with the same email address and are yet to be used in the scareware campaign.

The attack has caught Mac users largely unprepared and has resulted in a flood of support calls to Apple. The company has taken the extraordinary step of issuing manual malware removal instructions for the first time and has promised to automatically uninstall the rogue programs via an upcoming system update.