Mac Attack: 10 000 dollars each day via Flashback and Google

The Flashback malware, which has targeted Mac computers, has been lucrative for its authors. Up to 10 000 dollars per day has been earned via Google advertising.

Symantec is once again looking at the Flashback malware. Widely reported in the media, this Trojan horse targets Mac computers until a botnet controlling hundreds of thousands of infected machines was built.

For the infection, Flashback exploited a Java vulnerability which Apple belatedly corrected. Apple then offered a utility to delete Flashback.

Flashback allowed Mac antivirus solution developers to shake up the market by pointing out that Mac computers are also susceptible to malware. Kaspersky Lab’s founder and CEO believes that Apple is "ten years behind Microsoft in terms of computer security".

Following the study of a version of Flashback - Flashback.K, Symantec puts forward that this creation has been rather lucrative for its authors, with it earning up to 10 000 dollars per day. This amount may appear astronomical, but Symantec explains that it is because part of the malware targets the Google search engine.

This element is loaded in Google Chrome, Firefox and Safari where it intercepts all GET and POST requests from the browser. "Flashback specifically targets search requests made with Google, and depending on the request, can redirect users to another page selected by attackers where they receive click revenue", explains Symantec.

Attackers therefore earn advertising revenue which should remain with Google. Each time one of these clicks is hijacked, 8 cents is paid to the company, for example. An example using toys is provided.

Symantec concludes that this is "A very lucrative business, and yet another reason that users should keep their Mac and its antivirus definitions up to date".