In September 2011, security companies first noticed a new piece of OS X malware that posed as an Adobe Flash Player installer, which is how it came to be known as Flashback. Unlike earlier Mac scams, it used several new tricks: it injected itself into common browsers, disabled Apple's XProtect anti-malware updater, and later switched from a fake installer to a Java-based exploit that spread without any installer prompt. By the spring of 2012 roughly 600,000 Macs had been infected worldwide.
Flashback is regarded as one of the most widespread and successful attacks on the OS X platform. Although the botnet was eventually shut down, the question of who built it was left unanswered.
Recently, security journalist Brian Krebs followed up on several leads about the malware and identified an Eastern European man using the handle Mavook. Mavook left a trail of breadcrumbs while corresponding with a member of BlackSEO.com, an underground cybercrime forum, in an attempt to gain access to another underground forum, Darkode.com.
To be admitted, Mavook had to write a short bio of his projects, which included "Creator of Flashback botnet for Macs." Subsequent conversations laid out plans to buy and resell exploit packs.
By following leads through registered domains, e-mail addresses, and profile information on these underground forums and websites, Krebs was able to pinpoint 30-year-old Maxim Dmitrievich Selihanovich of Saransk, Mordovia, as the likely creator and operator of the Flashback botnet.
You can read Krebs' entire findings at the Krebs on Security blog.