The botnet called ‘Flashback’, which infected over 600,000 Mac computers a while back, is believed to have been created to net its authors as much as $10,000 a day. According to a blog post by Symantec, the primary motivation behind the botnet was money. The security firm detailed that the Trojan included an ad-clicking component that loads itself into three Mac browsers: Safari, Firefox and Chrome. By doing this, it generated revenue for the people behind it.
The post from Symantec explained, “Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click.” After analyzing the Trojan’s code, Symantec discovered a redirect URL that earns the authors 8 cents per click by “hijacking” the ad click from Google whenever a search is conducted using the engine. This effectively takes the money away from the online search giant and puts it in the laps of the purported team behind “Flashback”.
The sum of $10,000 a day is an extrapolation from a previously analyzed Trojan that used similar methods and could generate up to $450 a day, although that one infected only 25,000 computers. With the massive figure of over 600,000 Macs infected worldwide, the amount of money obtained was significantly more.
Since it was first discovered in September 2011, the presence of the ‘Flashback’ botnet has decreased, helped along by a series of software updates from Apple, which included an update for Java as well as a separate tool for removing the virus. When it was first noticed by a separate security firm, Intego, the botnet was tricking users into installing it onto their Macs by appearing as Adobe’s Flash Player installer.