Back in April of 2012, the malware threat known as Flashback, which exclusively targeted Mac OS X systems, was on the loose and infected over 600,000 Mac computers. Now its alleged creator has been revealed through the work of a security researcher.
The Flashback malware will go down in history as an infection that changed the face of how we look at the new-found wave of malware targeting Mac computers. Flashback was a type of botnet that infected Macs by masquerading as an Adobe Flash installer. Mac OS X users would see a notification asking them to install or update Adobe Flash, while the download was in fact a malware cocktail that infected their system.
History shows that Mac systems were never targeted by malware and hackers as much as Windows PCs. With the partial exposure of the Flashback culprit, it is quite possible that researchers can trace malware back to its origins if the right path is followed.
Brian Krebs, an investigative reporter and former Washington Post journalist, has traced evidence across a number of sources, including Russian forum threads dedicated to Blackhat SEO, which led him to an individual who goes by the handle 'mavook'. This individual, a regular on Blackhat SEO forums (sites dedicated to sharing ways to deceptively manipulate search results for monetary gain), openly admitted responsibility for the Flashback botnet and said he specializes in finding exploits and creating bots.
By digging deeper into the profile and information of the Russian Blackhat SEO forum member mavook, Krebs was able to find the alleged Flashback malware creator's personal web page, mavook.com. The WHOIS registration information for the site showed that the registrant is named Maxim Selikhanovich, a 30-year-old man from Saransk, Russia.
Krebs noted that tracking down Selikhanovich revealed a few things about the cybercrime ring in Russia. He adds:
The senior member that Mavook petitions is quite well-known in the Russian cybercrime underground, and these two individuals also are well-known to one another. In fact, in a separate exchange on the main BlackSEO forum between the senior member and a BlackSEO user named JPS, the senior member recommends Mavook as a guy who knows his stuff and can be counted on to produce reliable attack tools.
The uncovering of the alleged culprit behind the Flashback malware gives security researchers a lead on the Russian cybercrime underground, where a large percentage of malware originates, at the level of Blackhat and botnet attacks.