With all this hullabaloo about the Mac falling victim to malware, this trojan seems fairly harmless. Correct me if I'm wrong but I've seen nothing about it stealing personal data or passwords, nothing about damaging or deleting files, nothing about it causing system slowdowns or crashes. It works without screwing anything else up.
This variant appears to be harmless but the way it works is dangerous. It patches applications with a dynamic library so if someone chose to retrieve passwords, they could do so. It's fortunate that they would probably make more money via ads than via checking everyone's bank/Paypal account for cash as well as get less interest from the law. It does in fact affect browser stability:
"The Flashback.G causes your applications to crash upon your Mac Software like Safari, Google Chrome, and Skype. These victims are targeted by the malicious code that when infused triggers instability and malfunctioning."
People were right to dismiss previous variants of this that used social engineering but the latest variants used a security exploit to install a very dangerous and hidden piece of code that, without security experts, would have remained undetected by a large amount of people. It's good that Apple has security in mind though and is taking measures to prevent this sort of thing in future. I'd like to see them isolate browsers more though so that this sort of thing could never happen again as they are the most vulnerable of all applications.
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac ? Safari, Firefox and Chrome ? and generate revenue for the attackers.
"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.
Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.
The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
How about calculating how much damage, capital destruction, 'FlashBack' causes society?
I'll bet that is easily two or three magnitudes more than those hacker fuckers make off their little 'trick'.
Comments
This variant appears to be harmless but the way it works is dangerous. It patches applications with a dynamic library so if someone chose to retrieve passwords, they could do so. It's fortunate that they would probably make more money via ads than via checking everyone's bank/Paypal account for cash as well as get less interest from the law. It does in fact affect browser stability:
"The Flashback.G causes your applications to crash upon your Mac Software like Safari, Google Chrome, and Skype. These victims are targeted by the malicious code that when infused triggers instability and malfunctioning."
http://www.zimbio.com/Spyware/articles/bTiXj0E_2ET/Technology+News+Liberate+Mac+being+prey+Flashback
People were right to dismiss previous variants of this that used social engineering but the latest variants used a security exploit to install a very dangerous and hidden piece of code that, without security experts, would have remained undetected by a large amount of people. It's good that Apple has security in mind though and is taking measures to prevent this sort of thing in future. I'd like to see them isolate browsers more though so that this sort of thing could never happen again as they are the most vulnerable of all applications.
Quote:
Originally Posted by AppleInsider
The malware known as "Flashback" that was believed to have infected hundreds of thousands of Macs may have paid out as much as $10,000 a day to its authors.
The estimate comes from the security firm Symantec, which said in a post to its official blog that the primary motivation behind the malware was money. The Flashback Trojan includes an ad-clicking component that will load itself into the three major browsers for Mac ? Safari, Firefox and Chrome ? and generate revenue for the attackers.
"Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," Symantec explained.
Peering into the Trojan's code, the security firm found a redirected URL that generates the authors of the code 8 cents per click. If a user conducts a Google search, Flashback will "hijack" the ad click from Google, taking money away from the search giant and granting "untold sums" to the authors of the Trojan.
A previous analysis of a different Trojan found that a botnet with just 25,000 infections could generate up to $450 per day. At its peak, the Flashback Trojan was estimated to have infected 600,000 Macs worldwide, which means the authors could have earned as much as $10,000 per day.
The presence of Flashback has greatly diminished since Apple released a series of software updates last month aimed at squashing the malware, including a Java update and a separate removal tool.
The Flashback Trojan was first discovered by another security firm, Intego, last September. The software attempts to trick users into installing it by appearing as Adobe's Flash Player installer package.
How about calculating how much damage, capital destruction, 'FlashBack' causes society?
I'll bet that is easily two or three magnitudes more than those hacker fuckers make off their little 'trick'.