Symantec Says Purpose for Flashback Botnet was Profit

 

The Botnet called ‘Flashback’ which infected over 600,000 Mac computers a while back is believed to have been created to net its authors as much as $10,000 a day. According to a blog post by Symantec, the primary motivation behind the alleged botnet was money. The security firm detailed that the Trojan virus provided an ad-clicking component which would then load itself into 3 different browsers for Mac, Safari, Firefox and Chrome. By doing this, it generated revenue for the people behind it.

The post from Symantec explained, “Flashback specifically targets queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click.” After having analyzed the code of the Trojan, Symantec discovered that within it lay a redirected URL which generates the authors 8 cents per click by “hijacking” the ad click from Google itself if a search was conducted using the engine and effectively taking away the money from the online search giant and putting it in the laps of the purported team behind “Flashback”.

The sum of $10,000 a day comes with an extrapolation of a previously analyzed Trojan which used similar methods and could generate up to $450 a day but then again, that one only infected 25,000 computers. On the other hand, with the massive figure of over 600,000 Macs worldwide, the amount of money that was obtained was significantly more.

Since it was first discovered in September 2011, the presence of the ‘Flashback’ botnet has decreased helped along its way out by a series of software updates from Apple which included an update for Java as well as a separate tool for removing the virus. When it was first noticed by a separate security firm called Intego, the botnet was tricking users into installing it onto their Macs by appearing as Adobe’s Flash Player Installer.

Pradeep Chandrasekaran
Categories: Apple, Computers
Tags: flashback, Mac (Apple), Malware, symantec