Flashback Trojan generates $10,000 per day for attackers - Techist - Tech Forum

Posted 05-01-2012, 09:54 PM by Megatron

The attackers behind the Flashback Trojan for OS X may be making as much as $10,000 per day through a click fraud scheme involving Google AdWords, Symantec says. The Trojan intercepts all queries made specifically to Google's search engine and will redirect the user to a page of the attacker's choosing. Every time this occurs, the attackers make about 0.8 cents per click.

"Flashback uses a specially crafted user agent in these requests, which is actually the client's universally unique identifier (UUID) encoded in base64", explains Symantec. "This is already sent in the 'ua' query string parameter, so it is likely that this is an effort to thwart 'unknown' parties from investigating the URL with unrecognized user-agents". In other words, the attackers are going to great lengths to cover their tracks.

Flashback could have been generating quite a bit of revenue for its creators based on analyses of previous Trojans using similar click fraud techniques. As many as 700,000 Macs were believed to be infected at its height, making Flashback "a very profitable enterprise indeed, and all the more reason to keep your Mac fully patched and your virus definitions up to date", the company writes in a blog post.

How did the Trojan spread so quickly? It tricked hundreds of thousands of users into downloading what they believed was Adobe's Flash plugin for Mac. Once installed, the Trojan took advantage of a hole in Java to install itself and generate fake search engine results and run other malicious code on the infected Mac.

Symantec criticized Apple for taking so long to patch the issue and letting Flashback become as big of a problem as it is. Oracle had patched the responsible hole in Java in February, but it took an additional six weeks for Apple's patch to make it to the end user. As a result, hundreds of thousands of Macs were unwittingly infected -- many not running any antivirus protection at all.

Apple has made it a signature part of its strategy in attracting converts to boast that Macs do not get viruses. In turn this creates a false sense of security, and most do not bother to install any kind of antivirus protection. Hopefully that has begun to change as it is now clear attackers are turning their attention to the Mac OS X platform.

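The user-agent behaviour Symantec describes in the post above gives defenders a simple proxy-log check. The following is an added example, not code from the post or from Symantec: it flags requests whose User-Agent header is the base64 encoding of a UUID, and raises the severity when the same value also appears in the `ua` query parameter. The tab-separated log layout, host name, addresses and UUID are constructed, and whether `ua` carries the encoded or the plain UUID is an assumption, so both are accepted.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

UUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

def decode_uuid(user_agent):
    """Return the UUID if user_agent is strict base64 of a UUID string, else None."""
    try:
        text = base64.b64decode(user_agent, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None  # ordinary browser user agents fail here (spaces, dots, parentheses)
    return text if UUID_RE.match(text) else None

def classify(url, user_agent):
    """'high': UA is a UUID that also appears in 'ua'; 'medium': UUID only; else None."""
    uuid = decode_uuid(user_agent)
    if uuid is None:
        return None
    ua_values = parse_qs(urlsplit(url).query).get("ua", [])
    # Assumption: 'ua' may carry either the base64 form or the plain UUID.
    return "high" if any(v in (user_agent, uuid) for v in ua_values) else "medium"

def scan(log_lines):
    """Return (client_ip, severity, uuid) for each suspicious request."""
    hits = []
    for line in log_lines:
        # Constructed log layout: timestamp, client IP, URL, User-Agent (tab-separated).
        _ts, client, url, user_agent = line.rstrip("\n").split("\t")
        severity = classify(url, user_agent)
        if severity:
            hits.append((client, severity, decode_uuid(user_agent)))
    return hits

# Constructed sample data; none of these values come from real traffic.
SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"
SAMPLE_UA = base64.b64encode(SAMPLE_UUID.encode()).decode()
BROWSER_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3)"
HOST = "http://search.example.invalid/q"
SAMPLE_LOG = [
    f"2012-05-01T10:00:00Z\t192.0.2.10\t{HOST}?ua={SAMPLE_UA}\t{SAMPLE_UA}",
    f"2012-05-01T10:00:05Z\t192.0.2.11\t{HOST}?ua=abc\t{BROWSER_UA}",
    f"2012-05-01T10:00:09Z\t192.0.2.12\t{HOST}?q=news\t{SAMPLE_UA}",
    f"2012-05-01T10:00:12Z\t192.0.2.13\t{HOST}\tcurl",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "medium" hit alone is worth a look: legitimate clients rarely send a bare base64 string as their entire user agent.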