Old May 1, 2012, 10:04 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day




Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousands of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak, based on previous analysis of malware click redirection.
Quote:
The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)
Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.




Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)
As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.
Quote:
[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.
Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

Article Link: Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day
MacRumors is offline   0 Reply With Quote
Old May 1, 2012, 10:09 AM   #2
Fraaaa
macrumors 65816
 
 
Join Date: Mar 2010
Location: London, UK
Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
__________________
MacBook Air & iPhone4S
The Next Generation of MacBooks is Here!
Fraaaa is offline   3 Reply With Quote
Old May 1, 2012, 10:10 AM   #3
Macman45
macrumors G5
 
 
Join Date: Jul 2011
Location: Somewhere Back In The Long Ago
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
__________________
Thats Not All Folks
Macman45 is offline   -20 Reply With Quote
Old May 1, 2012, 10:11 AM   #4
Mike Oxard
macrumors 6502a
 
Join Date: Oct 2009
Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
Mike Oxard is offline   12 Reply With Quote
Old May 1, 2012, 10:14 AM   #5
rjohnstone
macrumors 68030
 
 
Join Date: Dec 2007
Location: PHX, AZ.
Quote:
Originally Posted by Macman45 View Post
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
In many cases, upgrading is not possible.
Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
__________________
"You can't really dust for vomit" - Nigel Tuffnel
Some Apple *****, some Android ***** and some Windows based *****.
rjohnstone is offline   13 Reply With Quote
Old May 1, 2012, 10:17 AM   #6
marksman
Banned
 
Join Date: Jun 2007
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
marksman is offline   8 Reply With Quote
Old May 1, 2012, 10:17 AM   #7
Verbatim Cookie
macrumors regular
 
Join Date: Mar 2012
Newbie question

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
Verbatim Cookie is offline   0 Reply With Quote
Old May 1, 2012, 10:19 AM   #8
OS X Dude
macrumors 6502a
 
 
Join Date: Jun 2007
Location: Midlands, UK
Would Google be able to file a lawsuit based on lost revenue?

Like they need the extra money, but it sounds like something that could potentially stand up. Anything to give these malware authors more ****** is fine by me

----------

Quote:
Originally Posted by Verbatim Cookie View Post
How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
On Safari, it's Preferences>Security and then see if the 'Enable Java' box is ticked or not. If it's ticked, Java is enabled and vice-versa.

Generally, you don't need Java. Untick it, and make sure you do the same for any other web browser you may use.
__________________
Self-designed and custom-built Manson 'Android'
Fender Jaguar HH
PRS Bernie Marsden Singlecut
H&K TubeMeister 18 Head
OS X Dude is offline   2 Reply With Quote
Old May 1, 2012, 10:20 AM   #9
rdowns
macrumors Penryn
 
 
Join Date: Jul 2003
Quote:
Originally Posted by Fraaaa View Post
Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.

Turn off Java!

Quote:
Originally Posted by Verbatim Cookie View Post
How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

Safari>Preferences>Security> uncheck Java box
__________________
"Ignorance is not an excuse."- Goodell to Saints GM on Bountygate
rdowns is offline   0 Reply With Quote
Old May 1, 2012, 10:21 AM   #10
Consultant
macrumors G5
 
 
Join Date: Jun 2007
Quote:
Originally Posted by marksman View Post
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
They probably created a number of websites with google and other ads.
Consultant is offline   0 Reply With Quote
Old May 1, 2012, 10:23 AM   #11
DisMyMac
macrumors 65816
 
 
Join Date: Sep 2009
Gosh, what group will they frame for this in the name of defense spending?
DisMyMac is offline   -5 Reply With Quote
Old May 1, 2012, 10:29 AM   #12
Fraaaa
macrumors 65816
 
 
Join Date: Mar 2010
Location: London, UK
Quote:
Originally Posted by rdowns View Post
Turn off Java!




Safari>Preferences>Security> uncheck Java box
Thanks, but that is not the solution I'm asking. I use java for uni.
Fraaaa is offline   1 Reply With Quote
Old May 1, 2012, 10:29 AM   #13
Shrink
macrumors Demi-God
 
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by DisMyMac View Post
Gosh, what group will they frame for this in the name of defense spending?
HUH!!??
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is online now   3 Reply With Quote
Old May 1, 2012, 10:30 AM   #14
Delighted
macrumors 6502
 
Join Date: Feb 2012
Where do they get these numbers from? Unless they are tracking EVERY Mac, I find it hard to believe that the company can say how many Macs are infected.
__________________
| Apple Fan | Forum Contributor | Tumblr | Twitter |
Proud Owner of:
Macbook Pro (13.3" Mid 2010) MC374LL/A Snow Leopard
Delighted is offline   6 Reply With Quote
Old May 1, 2012, 10:30 AM   #15
Mal
macrumors 603
 
 
Join Date: Jan 2002
Location: Orlando
Quote:
Originally Posted by Fraaaa View Post
Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
Apple's update that you're referring to was not a one-time search and remove. It's permanently blocked that version of Flashback from ever being installed on your computer. By keeping up-to-date, you won't be affected by any current version of Flashback ever again. If you want to protect against future versions, the single best step is to disable Java within whatever browser you use.

jW
__________________
The Bearded Nerd
13" MacBook Pro; 64GB iPod touch
"It's a real burn, being right so often."
NoiseTrade.com/Walker
Mal is offline   0 Reply With Quote
Old May 1, 2012, 10:46 AM   #16
KnightWRX
macrumors Pentium
 
 
Join Date: Jan 2009
Location: Quebec, Canada
Quote:
Originally Posted by Fraaaa View Post
Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
X-protect. It's already running on your Mac. No need for anything extra.
__________________
"What you leave behind is not what is engraved in stone monuments, but what is woven into the lives of others."
-- Pericles
KnightWRX is offline   -2 Reply With Quote
Old May 1, 2012, 10:47 AM   #17
Snowy_River
macrumors 68030
 
 
Join Date: Jul 2002
Location: Corvallis, OR
Quote:
Originally Posted by Macman45 View Post
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it...
Snowy_River is offline   7 Reply With Quote
Old May 1, 2012, 10:47 AM   #18
Rocketman
macrumors 603
 
 
Join Date: Dec 2001
Location: Claremont, CA
Far too many users are punished for being early adopters of updates to do it. Some intermediate updates even wreck stuff only to have a corrected later version overwrite it, after it is too late.

Too much pain for folks who just want a tool that works. Not the latest shiny.

To me this is the central issue Apple should fix now and forever.

Rocketman
__________________
Think Different-ly!
All 357 R or D House jobs bills over 4 years died in the D Senate, ordered by the D President. Buy a model rocket here: http://v-serv.com/usr/instaship-visual.htm Thanks.
Rocketman is offline   1 Reply With Quote
Old May 1, 2012, 10:48 AM   #19
BiigBiscuit
macrumors member
 
Join Date: Aug 2011
Am I the only one that thinks this Russian Dr. Web firm is somewhat suspicious?
BiigBiscuit is offline   6 Reply With Quote
Old May 1, 2012, 10:52 AM   #20
charlituna
macrumors 604
 
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by Macman45 View Post
If ever those who are still dragging heels over the move from SL to Lion .
It's really not about Snow Leopard or Lion. It's about keeping your software up to date. The only reason Lion seems better is because Java wasn't preinstalled and many users haven't needed it. But if you did install it and didn't update your system then you are just at risk.

And there are lots of customers like that. I work with a guy that got a computer in September, loaded Java 'cause some game or such needed it, and hadn't updated since then. No shock what we found on it.
charlituna is offline   0 Reply With Quote
Old May 1, 2012, 10:59 AM   #21
kiljoy616
macrumors 68000
 
 
Join Date: Apr 2008
Location: USA
Quote:
Originally Posted by Fraaaa View Post
Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
Just turn off Java. I have never used it, none of the other 4 machines have it turned on, no problems. This needs to be resolved by Oracle or Sun or whoever now owns Java.

http://www.ijailbreak.com/news/downl...12-003-update/
__________________
AppleTV 2 + Ipad 2 64 GB (My jukebox) + iMac 27" i5 2.8Ghz 256GB SSD + 1TD HD + Macbook Air 2011 13" SSD 128GB iPhone 4S White
kiljoy616 is offline   -2 Reply With Quote
Old May 1, 2012, 11:01 AM   #22
nickn
macrumors 6502
 
Join Date: Jun 2011
Quote:
Originally Posted by Macman45 View Post
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since Rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flat bed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will PayPal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
nickn is offline   8 Reply With Quote
Old May 1, 2012, 11:01 AM   #23
kiljoy616
macrumors 68000
 
 
Join Date: Apr 2008
Location: USA
Quote:
Originally Posted by Verbatim Cookie View Post
How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
Safari>preference>security and uncheck Java, can't think of one web page I use that needs it. Is this what you meant?
__________________
AppleTV 2 + Ipad 2 64 GB (My jukebox) + iMac 27" i5 2.8Ghz 256GB SSD + 1TD HD + Macbook Air 2011 13" SSD 128GB iPhone 4S White
kiljoy616 is offline   0 Reply With Quote
Old May 1, 2012, 11:02 AM   #24
nickn
macrumors 6502
 
Join Date: Jun 2011
Quote:
Originally Posted by Snowy_River View Post

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it...
Haha I was writing the same thing while you were.
nickn is offline   1 Reply With Quote
Old May 1, 2012, 11:05 AM   #25
roadbloc
macrumors 604
 
 
Join Date: Aug 2009
Location: UK
Quote:
Originally Posted by Macman45 View Post
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
__________________
roadbloc is online now   9 Reply With Quote

All times are GMT -5.