Flashback was earning about $10K per day
People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money.
A post on the Symantec official blog listed the stages of infection from Flashback:
- A user visits a compromised website.
- The browser is redirected to an exploit site hosting numerous Java exploits.
- CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
- This component downloads a loader and an ad-clicking component.
That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue.
Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day.
If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself.