The high-profile Flashback Trojan that is estimated to have infected more than 600,000 Macs at its peak earlier this year would have earned its creators $14,000 in the course of three weeks.
The only hitch is that the money isn’t going anywhere.
In a blog post today, security firm Symantec says the pay per click provider the malware makers were using spotted the activity as fraudulent.
“Many (pay per click) providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid,” the firm said.
Symantec says that the advertising component of the Flashback malware — the one that would show clickable ads to users — was installed on some 10,000 of the estimated 600,000 infected machines. During a three-week period beginning last month, that led to an estimated 10 million ads being displayed, but only 400,000 were clicked on.
“In other words, utilizing less than two percent of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year,” Symantec said.
An estimate from the security firm earlier this month suggested Flashback’s creators could bring in up to $10,000 per day using this technique during the height of the infection.
The firm reiterated that the main source of income for the malware was click fraud. The malware kept an eye on search terms typed in by users, before relaying that information to pay per click services. It would then hijack search results to display what it wanted users to see and click on. In this case, Symantec says 98 percent of the ads came from a single pay per click provider.
Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers.
Last month Apple updated Java for Mac OS X Snow Leopard and Lion to detect and remove the malware. The company brought a similar update to Leopard, an earlier version of OS X, just this week. Both options were pre-dated by removal tools from security companies F-Secure, Kaspersky Lab and Symantec.
via CNET Latest News http://news.cnet.com/8301-13579_3-57435866-37/flashback-makers-missed-out-on-their-payday-symantec-says/?part=rss&subj=latest-news2&tag=title