
Flashback gang could be making $10k a day off infected Macs

2012-07-30 12:38:39 | Diary
The Flashback malware that's infected hundreds of thousands of Macs may be generating more than $10,000 a day for the hackers who made the Trojan horse, Symantec said Monday. The malware steals clicks from ads that Google's search engine displays alongside search results.

In a blog entry posted today, Symantec published an analysis of Flashback's money-making capabilities, and concluded -- as others had earlier -- that the gang was turning a profit through click fraud. Flashback.K surfaced in March and by early April had infected more than 600,000 Macs.

"Click fraud" describes campaigns where large numbers of people are silently redirected to online ads not normally served by the site the user is viewing. The criminals receive kickbacks from the sometimes-legitimate, sometimes-shady intermediaries for each ad clicked. The clicks are "ghost clicks" in that they are not triggered by a human, but instead by the botnet. That's exactly what Flashback.K does, said Symantec.

After worming its way onto a Mac via an exploit of a since-patched Java vulnerability, Flashback.K loads an ad-clicking component into Apple's Safari, Google's Chrome and Mozilla's Firefox browsers.

"Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," said Symantec. "Google never receives the intended ad click."

In one code snippet shown by Symantec, a hijacked ad based on the user searching for "toys" would generate $0.008 per click, meaning that 1,000 clicks would earn the hackers $8, 10,000 clicks $80, and so on.

The Flashback gang is still earning this fraudulent revenue, even though much of the botnet has been "sinkholed" by Symantec and other antivirus companies, said Vikram Thakur, principal security response manager at Symantec. By registering many of the potential command-and-control (C&C) domains used by the malware to receive instructions, security researchers prevent orders from reaching the infected Macs. The commands fall down a metaphoric "sinkhole" instead.

But in an interview today, Thakur confirmed that Flashback-infected Macs, even those that have been sinkholed by security firms, continue to produce revenue for the hackers. "They're still making money," said Thakur, explaining that the ad-clicking component communicates with different C&C servers whose IP addresses are hard-coded into the malware. Those servers have not been sinkholed. "In fact, they're making a lot of money.
