Remember the nasty Flashback Trojan that infected over 600,000 Macs worldwide? Flashback is now known to have been the biggest Mac infection to date. Luckily it was stopped a couple of weeks back by a release from Apple that killed the Trojan for those who updated. But what was the point of this malware?
Apparently the Flashback Trojan made the creators a ton of cash…
You’d never think that a virus or a piece of malware could be a profitable business, right? Well, according to Symantec, the Flashback Trojan “netted upwards of $10,000 a day.” That’s stupid money for someone who just launched a virus through the web. In no way am I saying it was right, but they definitely worked the system.
The Trojan would direct your web browser to pages of its choosing to take advantage of Google advertisements, stealing revenue from each click or visit that any of the more than 600,000 users made.
Symantec goes on to explain how it worked:
The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click. (Google never receives the intended ad click.)
Apparently they made it untraceable as well…
Flashback uses a specially crafted user agent in these requests, which is actually the client’s universally unique identifier (UUID) encoded in base64. This is already sent in the “ua” query string parameter, so it is likely that this is an effort to thwart “unknown” parties from investigating the URL with unrecognised user-agents.
Symantec says this is nothing new:
Ad-clicking Trojans are nothing new and in an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day. Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day.
That’s a whole bunch of money for a silly Trojan. Hopefully your Mac wasn’t infected with the malware. But make sure you upgrade your software if you haven’t in a while. Updating to the latest software is the best way to keep your Mac safe from any infections.
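For defenders, the user-agent behaviour in the Symantec excerpt above doubles as a network indicator: a request whose User-Agent base64-decodes to a UUID, and whose “ua” query parameter carries the same value, does not look like a normal browser. The following is an added example, not code from Symantec or from this post. The tab-separated log layout, the textual (36-character) UUID encoding and every sample value are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qs

UUID_RE = re.compile(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

def decode_uuid(value):
    """Return the upper-cased UUID if value is base64 of a textual UUID, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None
    return text.upper() if UUID_RE.fullmatch(text) else None

def classify(url, user_agent):
    """'match' = UA is a UUID and equals the ua parameter; 'uuid-ua' = UA only."""
    ua_uuid = decode_uuid(user_agent.strip())
    if ua_uuid is None:
        return None  # ordinary browser strings fail strict base64 decoding
    for v in parse_qs(urlsplit(url).query).get("ua", []):
        v = v.replace(" ", "+")  # parse_qs turns '+' into a space; undo it
        # Accept the parameter in base64 or plain form (the page does not say which).
        if decode_uuid(v) == ua_uuid or v.upper() == ua_uuid:
            return "match"
    return "uuid-ua"

def scan(log_lines):
    """Yield (client, verdict) for suspicious lines of 'client<TAB>url<TAB>user-agent'."""
    hits = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        client, url, user_agent = parts
        verdict = classify(url, user_agent)
        if verdict:
            hits.append((client, verdict))
    return hits

# Constructed sample data: the UUID, hosts and addresses are made up.
SAMPLE_B64 = base64.b64encode(b"01234567-89AB-CDEF-0123-456789ABCDEF").decode()
SAMPLE_LOG = [
    f"10.0.0.5\thttp://ads.example.test/click?ua={SAMPLE_B64}&q=shoes\t{SAMPLE_B64}",
    "10.0.0.6\thttp://www.example.test/search?q=shoes\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3)",
    f"10.0.0.7\thttp://www.example.test/\t{SAMPLE_B64}",
    "malformed line",
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

A “match” verdict is the stronger signal; “uuid-ua” alone is worth a look but can come from other software that uses opaque identifiers as its user agent.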