
Flashback OS X malware estimated to net authors $10K per day

post #1 of 23
Thread Starter 
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.

The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac (Safari, Firefox and Chrome) and generate revenue for the attackers.

"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.

Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.

A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.


The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
post #2 of 23

Is AI being paid to post these ads?

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
post #3 of 23
Quote:
Originally Posted by Tallest Skil

Is AI being paid to post these ads?


Do you mean the Ads running down the side of the page? You can bet they are, more if one is clicked on. That is the same for basically every site, which is why they post page-hit-inducing headlines etc.

From the article it seems like this Trojan isn't doing squat amiss to the 'host' computer but rather changing the reference codes in the ad links so the money goes to another person. So like if it was an ad here, instead of the referral code being Appleinsider it is macrumors.

So it seems that my previous question of what's the actual damage done to the computers infected to make the owners need to panic is either answered with nothing or still unanswered. When credit card numbers, bank passwords etc. are being grabbed, then it's a time to panic.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #4 of 23

Wow who wants to start a Mac malware gang?  I'll buy the beer and someone else can write the trojan.  I couldn't code anything to save my life.

post #5 of 23
Quote:
Originally Posted by charlituna
Do you mean the Ads running down the side of the page?

Oh, you know what I mean.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
post #6 of 23

 

Quote:
Originally Posted by AppleInsider

The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.

Too bad they didn't make a Windows trojan.  They could have earned $90,000.00 per day.

post #7 of 23

 

Quote:
Originally Posted by AppleInsider

The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money.

Cynically, I thought they were probably being paid by Apple's competitors or by antivirus software vendors.

post #8 of 23

The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.

 

[Attached image: flash.jpg]

Tallest Skil:


"Eventually Google will have their Afghanistan with Oracle and collapse"

"The future is Apple, Google, and a third company that hasn't yet been created."


 


 

post #9 of 23

Calling Malware originators "Authors" dignifies in all the worst ways people that are nothing more than criminals! These are the dregs of humanity and deserve nothing but our contempt and should be pursued by law enforcement with the greatest vigor and incarcerated, not rewarded with security jobs after tainting the lives and livelihoods of thousands, if not millions of net users.

post #10 of 23

 

Quote:
Originally Posted by AppleInsider

A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.

You mean 'someone pulled the 600,000 number out of their butts'.


As shown previously, the numbers cited didn't make any sense. In particular, the claimed numbers dropped by around 60-70% BEFORE Apple released the fix. It is just not plausible that 60-70% of infected computers (who would be, on average, less technically competent than most users) were able and willing to follow the procedure for using Terminal to remove the infection.

There were quite a few other reasons why the number was bogus, as well.

"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #11 of 23

Another slow news day in Appleland.

post #12 of 23

So...

There is a certain irony here -- like taking it to the man!

As I understand it, the malware code intercepts and redirects ad clicks so Google doesn't get paid -- but the alleged perpetrators (police talk) are paid, instead... in fact it could be a net cost to Google.

Hmm...

In order for this to work, wouldn't the alleged perpetrators need to have web pages that would be paid for the clicks?

It seems like Google and the Advertisers would:

-- have the necessary means to determine who is being paid, for what

-- be able to authenticate that the source (payee) of the ad click is who (the page) he says he is

...Maybe a case for Perry Mason

"Swift generally gets you to the right way much quicker." - auxio -

"The perfect [birth]day -- A little playtime, a good poop, and a long nap." - Tomato Greeting Cards -
post #13 of 23
Quote:
Originally Posted by kent909

Another slow news day in Appleland.


Every day it's the same stories:

Flashback
Samsung trial
4G or not
Market share lead irrelevance/profit share boasting
Wake Up protest
FRAND
post #14 of 23

So the malware authors are using Flashback to rip off Google to the tune of 10K per day - hmm, where can I get this Flashback tool?

post #15 of 23

Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks; I have yet to find one infected.

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

post #16 of 23
Quote:
Originally Posted by techno

Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks; I have yet to find one infected.


It looks like Symantec had 10 Macs that they intentionally infected and then extrapolated that number to the entire Mac installed base.

"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #17 of 23

If the perpetrators of the Flashback malware are being paid, then why can't they be traced and prosecuted?

Electronic money payments always leave an audit trail!

post #18 of 23
Quote:
Originally Posted by Postulant

Every day it's the same stories:
Flashback
Samsung trial
4G or not
Market share lead irrelevance/profit share boasting
Wake Up protest
FRAND

and the same Samsung+Kindle ads on the side bars!

post #19 of 23

Wow, if it's that profitable, yeah let's create a Mac malware gang indeed!

Switching From Windows on Nov. 30th 2007
-------------------------------------
MacBook Pro 13" 2011
post #20 of 23

Wow, if it's that profitable, yeah let's create a Mac malware gang indeed!

Switching From Windows on Nov. 30th 2007
-------------------------------------
MacBook Pro 13" 2011
post #21 of 23

With all this hullabaloo about the Mac falling victim to malware, this trojan seems fairly harmless. Correct me if I'm wrong but I've seen nothing about it stealing personal data or passwords, nothing about damaging or deleting  files, nothing about it causing system slowdowns or crashes. It works without screwing anything else up. Almost sounds like an Apple product, eh?

"You can't fall off the floor"   From 128k Mac to 8GB MBP

post #22 of 23
Quote:
Originally Posted by waybacmac

With all this hullabaloo about the Mac falling victim to malware, this trojan seems fairly harmless. Correct me if I'm wrong but I've seen nothing about it stealing personal data or passwords, nothing about damaging or deleting  files, nothing about it causing system slowdowns or crashes. It works without screwing anything else up.

This variant appears to be harmless but the way it works is dangerous. It patches applications with a dynamic library so if someone chose to retrieve passwords, they could do so. It's fortunate that they would probably make more money via ads than via checking everyone's bank/Paypal account for cash as well as get less interest from the law. It does in fact affect browser stability:

"The Flashback.G causes your applications to crash upon your Mac Software like Safari, Google Chrome, and Skype. These victims are targeted by the malicious code that when infused triggers instability and malfunctioning."

http://www.zimbio.com/Spyware/articles/bTiXj0E_2ET/Technology+News+Liberate+Mac+being+prey+Flashback

People were right to dismiss previous variants of this that used social engineering but the latest variants used a security exploit to install a very dangerous and hidden piece of code that, without security experts, would have remained undetected by a large amount of people. It's good that Apple has security in mind though and is taking measures to prevent this sort of thing in future. I'd like to see them isolate browsers more though so that this sort of thing could never happen again as they are the most vulnerable of all applications.
post #23 of 23
Quote:
Originally Posted by AppleInsider

The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac (Safari, Firefox and Chrome) and generate revenue for the attackers.
"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.
Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.

The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.


How about calculating how much damage, capital destruction, 'FlashBack' causes society?

 

I'll bet that is easily two or three magnitudes more than those hacker fuckers make off their little 'trick'.
