Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:29 PM
Connect Directly

Cybercriminals Offer 43 Cents For An Infected Mac

Sophos researcher offers a peek at the inner workings of an infamous Russian affiliate network

Good news for Mac users: An infected OS X is still not as profitable to cybercriminals as an infected Windows machine.

But the bad news is that the bad guys are looking at infected Macs as a potential money-maker. Sophos researcher Dmitry Samosseiko at the Virus Bulletin conference in Geneva this week gave an inside view of the Russian "partnerka," a network of cybercrime affiliates who spew spam and malware (think "Canadian Pharmacy" Website) -- including information on one black market Website that a few months ago offered 43 cents per infected Mac OS X machine, which was at least 10 cents less than what infected Windows machines were going for in the cyber underground at the time.

The Website offering the deal, MacCodec.com, also provided malware-laced phony video players to help the affiliates infect the Macs. The site has since disappeared from the Web, according to Sophos.

"Mac users are not immune to the scareware threat. In fact, there are 'codec-partnerka' dedicated to the sale and promotion of fake Mac software," Samosseiko wrote in his research paper (PDF).

A partnerka contains hundreds of affiliate networks that sell fake watches, fake antivirus, fake prescription pills, and other online scams, according to Samosseiko. "The affiliate networks focused on the promotion of illegal products are part of a growing multimillion dollar 'industry.' Affiliate web marketing also became the main driving force behind the recent explosion in malware, website infections, email spam and general web pollution," he wrote.

But the good news is pressure from researchers, law enforcement, and hosting companies is forcing some of the scareware operations to go deeper underground or shut down altogether, he says.

Meanwhile, Mac users shouldn't celebrate too soon: "The growing evidence of financially motivated criminals looking at Apple Macs as well as Windows as a market for their activities, is not good news. Especially as so many Mac users currently have no anti-malware protection in place at all," blogged Sophos' Graham Cluley yesterday.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-16
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
PUBLISHED: 2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
PUBLISHED: 2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
PUBLISHED: 2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
PUBLISHED: 2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.