Flashback OS X malware estimated to net authors $10K per day
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac ? Safari, Firefox and Chrome ? and generate revenue for the attackers.
"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.
Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.
The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac ? Safari, Firefox and Chrome ? and generate revenue for the attackers.
"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.
Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.
The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
Comments
Is AI being paid to post these ads?
Do you mean the Ads running down the side of the page. You can bet they are, more if one is clicked on. That is the same for basically every site which is why they post page hit inducing headlines etc
From the article it seems like this Trojan isn't doing squat amiss to the 'host' computer but rather changing the reference codes in the ad links so the money goes to another person. So like if it was an ad here instead of the referral code being Appleinsider it is macrumors.
So it seems that my previous question of what's the actual damage done to the computers infected to make the owners need to panic is either answered with nothing or still unanswered. When credit card numbers, bank passwords etc are being grabbed then it's a time to panic
Wow who wants to start a Mac malware gang? I'll buy the beer and someone else can write the trojan. I couldn't code anything to save my life.
Quote:
Originally Posted by charlituna
Do you mean the Ads running down the side of the page.
Oh, you know what I mean.
Quote:
Originally Posted by AppleInsider
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
Too bad they didn't make a Windows trojan. They could have earned $90,000.00 per day.
Quote:
Originally Posted by AppleInsider
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money.
Cynically, I thought they were probably being paid by Apple's competitors or by antivirus software vendors.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
Calling Malware originators "Authors" dignifies in all the worst ways people that are nothing more than criminals! These are the dregs of humanity and deserve nothing but our contempt and should be pursued by law enforcement with the greatest vigor and incarcerated, not rewarded with security jobs after tainting the lives and livelihoods of thousands, if not milions of net users.
Quote:
Originally Posted by AppleInsider
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.
You mean 'someone pulled the 600,000 number out of their butts'.
As shown previously, the numbers cited didn't make any sense. In particular, the claimed numbers dropped by around 60-70% BEFORE Apple released the fix. It is just not plausible that 60-70% of infected computers (who would be, on average, less technically competent than most users) were able and willing to follow the procedure for using Terminal to remove the infection.
There were quite a few other reasons why the number was bogus, as well.
Another slow news day in Appleland.
So...
There is a certain irony here -- like taking it to the man!
As I understand it, the malware code intercepts and redirects ad clicks so Google doesn't get paid -- but the alleged perpetrators (police talk) are paid, instead... in fact it could be a net cost to Google.
Hmm...
In order for this to work, wouldn't the alleged perpetrators need to have web pages that would be paid for the clicks?
It seems like Google and the Advertisers would:
-- have the necessary means to determine who is being paid, for what
-- be able to authenticate that the source (payee) of the ad click is who (the page) he says he is
...Maybe a case for Perry Mason
Everyday it's the same stories:
Flashback
Samsung trial
4G or not
Market share lead irrelevance/profit share boasting
Wake Up protest
FRAND
So the malware authors are using Flashback to rip off Google to the tune of 10K per day - hmm, where can I get this Flashback tool?
Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks I have yet to find one infected.
Quote:
Originally Posted by techno
Just curious. Who here has actually had the Malware on one of their machines? I have been checking machines quite a bit in the last few weeks I have yet to find one infected.
It looks like Symantec had 10 Macs that they intentionally infected and then extrapolated that number to the entire Mac installed base.
If the perpetrators of the Flashback malaware are being paid, then why can't they be traced and prosecuted?
Electronic money payments always leaves an audit trail!
Quote:
Originally Posted by Postulant
Everyday it's the same stories:
Flashback
Samsung trial
4G or not
Market share lead irrelevance/profit share boasting
Wake Up protest
FRAND
and the same Samsung+Kindle ads on the side bars!
Wow, if it's that profitable, yeah lets create a Mac malware gang indeed!
Wow, if it's that profitable, yeah lets create a Mac malware gang indeed!
With all this hullabaloo about the Mac falling victim to malware, this trojan seems fairly harmless. Correct me if I'm wrong but I've seen nothing about it stealing personal data or passwords, nothing about damaging or deleting files, nothing about it causing system slowdowns or crashes. It works without screwing anything else up. Almost sounds like an Apple product, eh?