Flashback malware could have netted creators $10K daily, says Symantec
Symantec has dissected the Flashback Trojan that reportedly infected some 600,000 Macs, thought to be the highest number of Macs to succumb to a single malware campaign. As we reported in April, the Flashback malware makes use of a bug in Java and can infect a Mac OS X system that has the vulnerable version of Java installed when the user simply visits a malicious website.
So what was the ultimate goal of compromising such a large number of Macs? The answer, it seems, lies entirely within the ad-clicking component. According to work done by Symantec, this "component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser." Once in place, "Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click."
By redirecting the user to a new site affiliated with the attackers, Flashback is effectively causing lost revenue for Google (NASDAQ: GOOG) as its creators reap an unknown amount of money for themselves. Noting that another botnet in the region of 25,000 infections could generate up to $450 per day, Symantec observed that revenue from the much larger Flashback botnet could conceivably "rise to the order of $10,000 per day."
With such a strong profit motive, security administrators and IT managers can expect more such malware to surface, for Windows and Mac OS X alike.