The Flashback Trojan uses ad click hijacking to rake in the money
The Flashback Trojan that has been attacking Mac computers these past few months has been generating a huge amount of money for its authors, according to Symantec.
The security firm has been taking a close look at the malware, called OSX.Flashback.K, and claimed that "revenue generation" was the end goal of whoever wrote and released it into the wild.
It includes an ad-clicking component that installs itself in Chrome, Firefox, and Safari and intercepts all GET and POST requests from the browser, as well as certain search queries. When one of those targeted search terms is entered, the unsuspecting user is redirected to a website that pays the cyber crooks ad revenue.
This ad-hijacking is nothing new, Symantec says, and similar cases have proved very profitable. "In an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day," the company said on its blog.
"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10000 per day," Symantec added.
Symantec joined the list of companies that have suggested Apple could have acted faster to protect its users. The Java exploit the malware used to infect machines was patched by Oracle back in February, but Apple delayed pushing out an update.
"Unfortunately for Mac users, there was a large window of exposure since Apple's patch for this vulnerability was not available for six weeks," Symantec said. "This window of opportunity helped the Flashback Trojan to infect Macs on a large scale. The Flashback authors took advantage of the gap between Oracle and Apple's patches by exploiting vulnerable websites."
This view echoes that of Russian security giant Kaspersky Lab. The company's Chief Security Expert, Alexander Gostev, also blamed Apple.
"The three month delay in sending a security update was a bad decision on Apple's part," said Gostev. "Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time."
Kaspersky Lab founder and CEO Eugene Kaspersky went even further, claiming Apple is a full decade behind Microsoft when it comes to security, specifically the way it approaches the update and patching cycle.
"I think they are ten years behind Microsoft in terms of security," he told CBR recently. "Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software."
"That's what Microsoft did in the past after so many incidents like Blaster and the more complicated worms that infected millions of computers in a short time. They had to do a lot of work to check the code to find mistakes and vulnerabilities. Now it's time for Apple [to do that]," he added.