Security Blogger IDs Flashback Trojan Creator

Krebs on Security’s Brian Krebs recently identified a man who claims to have created the Flashback Trojan, which infected more than half a million Macs last year.

“Given Flashback’s focus on gaming Google’s ad networks, I suspected that the worm’s author probably was a key member of forums that focus on so-called ‘black hat SEO,’ (search engine optimization), or learned in illicit ways to game search engines and manipulate ad revenues,” Krebs writes. “Sure enough, this individual happens to be a very active and founding member of, a closely guarded Russian language forum dedicated to this topic.”

In a private exchange on last summer, a user named Mavook described himself as “Creator of Flashback botnet for Macs.” It’s not clear how Krebs was able to view that private exchange — but after that, the process of uncovering Mavook’s identity was relatively straightforward.

Mavook’s profile page on shows that his home page used to be Krebs used DomainTools’ lookup service to view the history of that domain’s registration, and found that it was originally registered to Maxim Selikhanovich of Mordovia. Other searches (Skype’s user database, now-deleted Facebook accounts, and more) then verified the information.

Krebs’ full description of the search process is worth a read — it’s viewable here.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
