Flashback malware turns Macs into moola, says Symantec

Investigation of the Flashback trojan reveals a clickfraud scheme scoring its perpetrators as much as $10,000 a day

Malware may be a minor issue for Mac users, but Mac users are a major windfall for cyber criminals, if a Symantec analysis of the Flashback Trojan bears out.

The security company reverse-engineered a specific variant of the Mac malware -- dubbed Flashback.K -- and discovered the motivation behind the malware: money. The company found that compromised systems will send the users' ad clicks to other advertisers, earning the cyber criminals money, according to a blog post published this week.

"Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click," the company stated, pointing out that Google never receives the click or gains revenue from it.

Clickfraud can be a lucrative crime and primarily victimizes advertisers and search engines. Advertisers pay for ad clicks that do not represent an interested consumer, while redirected ad clicks -- as in the case of Flashback -- take money away from the referrers, usually a search engine.

In November, for example, a complex investigation by the FBI, international law enforcement agencies, and private industry led to the arrest of seven Estonians and a Russian citizen for fraudulently collecting more than $14 million from the ad clicks generated by more than 4 million computers. That attack used malware known as DNSChanger to cause a compromise computer to look up domain names from an attacker-controlled system.

Based on a previous analysis that uncovered criminals being paid $450 per day for clicks coming from 25,000 infected computers and Flashback's estimated 600,000 compromised systems, Symantec estimated that the Flashback botnet could have netted its operators as much as $10,000 a day.

"This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang," the company wrote in the analysis.

This article, "Flashback malware turns Macs into moola, says Symantec," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2012 IDG Communications, Inc.

How to choose a low-code development platform