Mac worm hacker vanishes from blogosphere

The anonymous blogger who claimed to have a Mac OS X worm has vanished, claiming his blog was hacked

Just days after claiming to have written a worm that could be used to attack Mac OS X systems, the anonymous blogger known as Infosecsellout has gone quiet.

His (or her or their) blog as been renamed. Old posts have been removed, the blog has been renamed "Security Information," and Infosecsellout says the blog is finished. Mysteriously, however, there are two new posts on the blog, one of which provides a link to information on the alleged worm.

But they are fake posts, according to Infosecsellout, who said the blog was hacked on Tuesday night and will not be revived.

"Infosecsellout is now dead," the anonymous blogger said in an e-mail message. "It was a great experiment to see how the industry could handle some honesty, which they can't. They are quick to attack the credibility of others in order to hide their own flaws."

Since he started blogging last year, Infosecsellout made his share of enemies, offering uncensored and occasionally amusing observations on computer security research and its practitioners. (He once called this reporter a "mindless hack" for reporting flaws in the beta version of Safari 3.0.)

The blogger said he needed to remain anonymous because of his unpopular opinions. "The last thing I want is some cry baby to involve my employer in things that I say on this blog," he wrote in January.

On Sunday, however, he may have crossed a line, in reporting that he had been "compensated" for writing a worm that could exploit a variation of a bug in Apple's Bonjour automatic network configuration service that was initially patched in May. The flaw lies in Bonjour's mDNSResponder, which is used to do things like discover printers or share iTunes files on a local area network, he wrote.

Though Infosecsellout provided nothing to back up his claim, the story was widely reported and security researchers began to investigate who may have been behind the blog.

Metasploit developer HD Moore said that he's "70 percent" sure he knows Infosecsellout's identity, based on a study of his posts and of e-mail messages from known people performed using a writing analysis tool called Unmask.

Moore wouldn't say whom he suspected, but he noted that Infosecsellout's blog vanished soon after he contacted his suspect. Like every other security researcher contacted Wednesday, he didn't buy Infosecsellout's story that the blog had been hacked.

"It seems like someone's getting worried that their cover is getting blown and they're doing cover-up," Moore said. "There's been a lot more attention from folks trying to unmask [Infosecsellout] in the past day or two."

A blogger going by the name of Cutaway, suggested that a hacker known as LMH could be behind the blog, but Moore said that this argument did not seem credible.

Thomas Ptacek, a researcher at Matasano Security, agreed that the blogger was probably not LMH. "My theory right now is that it's more than one person," he said.

In an e-mail message Infosecsellout said that the blog was written by a group of self-employed authors, but that appeared to contradict the blog's January post claiming that the author was worried about his employer being approached.

When asked to explain the apparent contradiction, the blogger said, "Even the self employed have employers that are subject to crybabies."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?