Andy Greenberg for Forbes:
Locating and shutting down command and control servers is typical practice for a company trying to behead and cripple a botnet targeting its computers. Sharov says that Dr. Web has worked with Microsoft several times in the past on those efforts. But Apple, which has never dealt with a botnet the size of the Flashback infection, has fewer ties to firms like Dr. Web, Sharov says. “For Microsoft, we have all the security response team’s addresses,” he says. “We don’t know the antivirus group inside Apple.”
Dr. Web, a Russian software security firm responsible for discovering the size of the Flashback botnet, was operating a spoofed Flashback command-and-control server. Apple told Dr. Web’s ISP to shut it down, apparently not understanding the system was a “sinkhole,” a system used “to monitor the collection of hijacked machines,” according to the report.
Apple is also taking criticism for the security community for not reacting fast enough to stop Flashback in its tracks – the Java security exploit that enables the malware to work was patched by Oracle in February, and Apple is only now getting around to distributing a patch for its own Java software.
This isn’t the first time Apple has egg on its face for mishandling a security issue. As Tim Cook remolds Apple to be more responsible and transparent on issues like its supply chain, this would be another good area for him to invest some effort into changing.