New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

Tuesday May 1, 2012 8:04 am PDT by Eric Slivka
Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousand of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.
The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click . (Google never receives the intended ad click.)
Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.


Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)

As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.
[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.
Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

[ 81 comments ]


Top Rated Comments

(View all)

Avatar
rjohnstone
91 months ago

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

In many cases, upgrading is not possible.
Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
Rating: 13 Votes
Avatar
Mike Oxard
91 months ago
Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
Rating: 12 Votes
Avatar
roadbloc
91 months ago

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.


What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
Rating: 9 Votes
Avatar
marksman
91 months ago
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
Rating: 8 Votes
Avatar
nickn
91 months ago

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.


Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flat bed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will Paypal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
Rating: 8 Votes
Avatar
Snowy_River
91 months ago

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.


For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it... ;)
Rating: 7 Votes
Avatar
John.B
91 months ago
46% of statistics are made up on the spot.
Rating: 7 Votes
Avatar
BiigBiscuit
91 months ago
Am I the only one that thinks this Russian Dr. Web firm is somewhat suspicious?
Rating: 6 Votes
Avatar
chukronos
91 months ago

How long should they support it? 5 years? 10 years?


MS is supporting XP through 2014. Perhaps apple should do something similar. I find it bizarre that apple won't even support safari for osx 10.5, but supports safari for windows xp.
Rating: 6 Votes
Avatar
thejadedmonkey
91 months ago

Hahaha, really?

Windows lifecycle fact sheet (http://windows.microsoft.com/en-us/windows/products/lifecycle)

Mainstream support for XP SP3 ended April 8, 2009, for Vista it ended a couple of weeks ago on April 10, 2012.


Actually yes. Because where Apple stops everything when it ends support, Microsoft puts OS's into what's called "Extended support", which is basically life support. I don't believe they offer tech support or product updates anymore, but they continue to provide security patches to keep the system secure. That's a hell of a lot more than Apple does. To the average consumer, that's what an OS lifecycle is, as their OEM is the one providing tech support.
Rating: 6 Votes

[ Read All Comments ]