Security Firm Symantec Analyzes the Profitability of the OSX.Flashback Botnet
Security firm Symantec previously estimated that the authors of the Flashback malware that affected hundreds of thousands of Macs at its peak could have been generating up to $10,000 per day by hijacking users' ad clicks. Further analysis from the company suggests that the developers may have only earned $14,000 over the three weeks the malware was active.
From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job. Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid.
It is estimated the actual ad-clicking component of Flashback was only installed on about 10,000 of the more than 600,000 infected machines. In other words, utilizing less than 2% of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year.
Symantec notes that the malware developers displayed more than 10 million hijacked ads and could have delivered many more if the developers had been more successful in their attacks.
Some security specialists have said that the Mac OS is "really vulnerable" to further infections, though these claims should perhaps be taken with a grain of salt -- those security specialists make their living off vulnerabilities and it is in their best interest to promote awareness of them.
Popular Stories
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, SEGA Genesis,...
Apple Vision Pro, Apple's $3,500 spatial computing device, appears to be following a pattern familiar to the AR/VR headset industry – initial enthusiasm giving way to a significant dip in sustained interest and usage. Since its debut in the U.S. in February 2024, excitement for the Apple Vision Pro has noticeably cooled, according to Bloomberg's Mark Gurman. Writing in his latest Power On...
Top Rated Comments
I'll say. The more afraid we are, the more we'll pay for their placebo security software.
I say the best security is knowing how to avoid infections in the first place. If you can learn not to download mysterious files, you're half way there.
This isn't one person making $14,000 profit for three weeks of work. There is a lot more work than three weeks of hacking, with many more people involved, for a scheme that managed to produce $14,000 in revenue for three weeks and then fizzled out. A complex software project producing a total of $14,000 in revenue.
I did a quick calculation using the total annual revenue of my company and the number of developers employed, using a number of 230 working days, and I couldn't spend more than three or four days of work for one developer for $14,000 revenue.
I wouldn't be surprised if websites like macrumors did get more additional ad revenue due to people reading stories about flashback and clicking on ads on macrumors, than these hackers made.
PS. Seems at least one of those hackers was angry because I told them they are stupid and doing a lot of work for very little money.
A lot of malware / phishing scams are run by organized crime in Russia.
It would be a cold day in hell before I would ever buy a Symantec product for mac. Their PC editions are resource killing crap. I would put MSE up against them any day.
Considering how Flashback infects Macs, seems like a hackers' basic business model to me..
That was yesterday. Does that count as "the next story"? Headline: "'Catastrophic' Avira antivirus update bricks Windows PCs"
http://www.theregister.co.uk/2012/05/16/avira_update_snafu/
This "anti-virus" software thought it had found viruses in essential parts of Windows, that are actually signed by Microsoft. Someone commented "Either the bad guys cracked Microsoft's code signing; in that case we can just give up. Or they didn't, in that case the anti-virus software was wrong. In either case, the anti-virus software shouldn't touch anything that is code-signed by Microsoft".