Wednesday, May 2, 2012

Is $10,000 per day from Google Ads less for the Flashback malware Creator?

          In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. Security researchers at Symantec estimate that the cybercriminals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day.

          Dr. Web, the Russian security firm that discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple’s tool for disinfecting their machines or installing antivirus.

           When an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an ad, and once this happens the user is silently directed to another, irrelevant ad that generates revenue for the attackers. As a result, Google doesn't know someone has clicked into its client's ad, and the client never knows its ad wasn't delivered. Ultimately, Google's advertising clients are paying for Flashback's attackers to host ads on Google.

Story Posted on Symantec’s blog:
          The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click. (Google never receives the intended ad click.)

          The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to a malicious server.

Hackers tricked Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software.
