Flashback was earning about $10K per day
People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money.
A post on the Symantec official blog listed the stages of infection from Flashback:
- A user visits a compromised website.
- The browser is redirected to an exploit site hosting numerous Java exploits.
- CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
- This component downloads a loader and an Ad-clicking component.
That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue.
Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day.
If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself.
Subscribe to Newsletter
Software Updatesmore updates
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync
- Apple adds iTunes Extras to Apple TV
- Spotify updates with new iPhone controls in time for summer BBQs
- iTunes U update will bring course creation and student discussion to iPad app
- Dropbox for iOS update adds new setup and file management options