Apple Requests Registrar To Shut Down Domain Belonging To Dr. Web

Posted Apr 10, 2012

Dr. Web, a web security company that discovered the botnet infecting Mac computers, sent Apple all of their research. They did not hear back from Apple, and Apple did not acknowledge them for their research. Instead of repaying Dr. Web for their help, it turns out that Apple tried to shut down Dr. Web’s group monitoring service. Apple actually believed that Dr. Web was a part of the botnet, but the company had created a spoofed machine to collect as much data on the attack as possible.

According to Forbes:

Boris Sharov, chief executive of the Moscow-based security Dr. Web says he learned Monday from the Russian Web registrar that Apple had requested the registrar shut down one of its domains, which Apple said was being used as a “command and control” server for the hundreds of thousands of PCs infected with Flashback. In fact, that domain was one of three that Dr. Web has been using as a spoofed command and control server—what researchers call a “sinkhole”—to monitor the collection of hijacked machines and try to understand their behavior, the technique which allowed the firm to first report the size of Apple’s botnet last week.

Forbes said that not many people had heard of Dr. Web before, so it is possible that Apple was trying to play it safe. Something still seems off about Apple’s actions, though. It appears that they want to control some of the bad press they were hit with.