There has been much discussion of the shutdown of the Kelihos botnet this week by Microsoft and Kaspersky. It is the third such action by the Microsoft Active Response for Security (MARS) initiave in recent memory.
Taking down botnets is always good news and even better Microsoft named an individual defendant in their US court case this time.
The owner of the cz.cc domain, Dominique Alexander Piatti, was named and Microsoft received permission from the court to disable the entire cz.cc domain and several other abused .com registrations.
cz.cc subdomains are frequently seen being used for all sorts of botnet control, fake anti-virus, spam sites and for other malicious purposes.
Some journalists were also commenting on Microsoft’s mention of the Mac Defender malware having been hosted on cz.cc domains. Some suggested that this would stop the criminals from targeting OS X users.
We have seen two new Trojans for OS X just this week which join botnets and can be used to steal sensitive data. One was built to look like a PDF file and the one Graham wrote about today pretended to be a Flash Player updater.
The sad fact is that Mac users are increasingly being targeted by these digital thugs and need to take security very seriously. Even without the threat from cz.cc domains Mac users should take advantage of our free Sophos Anti-Virus for Mac Home Edition.
The same as there are now botnets, data stealers and remote control malware for OS X, criminals will find domain name registration services other than cz.cc.
While all of us will be little safer without Kelihos and cz.cc, we still need to take security seriously for our own peace of mind (and data security).
Leave a reply