Flashback Malware Creator Earning $10,000 per Day from Google Ads
In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component. The researchers estimate that the cyber-criminals behind the Flashback Mac OS X botnet may have raked in about $10,000 a day.
Dr. Web, the Russian security firm that discovered the massive Flashback botnet last month, has provided new data on the number of Macs still infected with the software. The results show that while close to 460,000 machines remain infected, the botnet is shrinking at a rate of close to a hundred thousand machines a week as Mac users get around to downloading Apple’s tool for disinfecting their machines or installing antivirus.
Story posted on Symantec’s blog: When an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an ad, and once this happens the user is silently directed to another, irrelevant ad that generates revenue for the attackers. As a result, Google doesn't know someone has clicked into its client's ad, and the client never knows its ad wasn't delivered. Ultimately, Google's advertising clients are paying for Flashback's attackers to host ads on Google.
"The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click. (Google never receives the intended ad click.)"
The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to a malicious server.
Hackers tricked Mac users into downloading the virus by disguising it as an update to Adobe Flash video viewing software. The Flashback Trojan, malware tailored to slip past "Mac" defenses, is a variation on viruses typically aimed at personal computers (PCs) powered by Microsoft's Windows operating systems.