In a recent analysis of
the business model behind the Flashback Trojan, Symantec security
researchers reported that the main objective of the malware is revenue
generation through an ad-clicking component. Security researchers at
Symantec are estimating that the cyber-criminals behind the Flashback
Mac OS X botnet may have raked in about $10,000 a day.
Dr. Web, the Russian security firm
that discovered the massive Flashback botnet last month, has
provided new data on the number of Macs still infected with the
software. The results show that while close to 460,000 machines remain
infected, the botnet is shrinking at a rate of close to a hundred
thousand machines a week as Mac users get around to downloading Apple’s
tool for disinfecting their machines or installing antivirus.
Story posted on Symantec’s blog: When an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an ad, and once this happens the user is silently directed to another, irrelevant ad that generates revenue for the attackers. As a result, Google doesn't know someone has clicked into its client's ad, and the client never knows its ad wasn't delivered. Ultimately, Google's advertising clients are paying for Flashback's attackers to host ads on Google.
The
Flashback ad-clicking component is loaded into Chrome, Firefox, and
Safari where it can intercept all GET and POST requests from the
browser. Flashback specifically targets search queries made on Google
and, depending on the search query, may redirect users to another page
of the attacker’s choosing, where they receive revenue from the click.
(Google never receives the intended ad click.)
The
ad click component parses out requests resulting from an ad click on
Google Search and determines if it is on a whitelist. If not, it
forwards the request to a malicious server.
Hackers tricked Mac
users into downloading the virus by disguising it as an update to Adobe
Flash video viewing software.