Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

[MacRumors]

Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousand of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.

The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click . (Google never receives the intended ad click.)

Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.

Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)​

As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.

[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.

Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

Article Link: Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

 

[Fraaaa]

Does anyone knows any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

 

[Macman45]

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

 

[Mike Oxard]

Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'

 

[rjohnstone]

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

In many cases, upgrading is not possible.
Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.

 

[marksman]

What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.

 

[Verbatim Cookie]

Newbie question

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

 

[OS X Dude]

Would Google be able to file a lawsuit based on lost revenue?

Like they need the extra money, but it sounds like something that could potentially stand up. Anything to give these malware authors more ****** is fine by me

----------

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

On Safari, it's Preferences>Security and then see if the 'Enable Java' box is ticked or not. If it's ticked, Java is enabled and vice-versa.

Generally, you don't need Java. Untick it, and make sure you do the same for any other web browser you may use.

 

[rdowns]

Does anyone knows any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

Turn off Java!

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

Safari>Preferences>Security> uncheck Java box

 

[Consultant]

What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.

They probably created a number of websites with google and other ads.

 

[DisMyMac]

Gosh, what group will they frame for this in the name of defense spending?

 

[Fraaaa]

Turn off Java!




Safari>Preferences>Security> uncheck Java box

Thanks, but that is not the solution I'm asking. I use java for uni.

 

[Shrink]

Gosh, what group will they frame for this in the name of defense spending?

HUH!!??

 

[Delighted]

where do they get these numbers from? Unless they are tracking EVERY mac, I find it hard to believe that the company can say how many macs are infected.

 

[Mal]

Does anyone knows any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

Apple's update that you're referring to was not a one-time search and remove. It's permanently blocked that version of Flashback from ever being installed on your computer. By keeping up-to-date, you won't be affected by any current version of Flashback ever again. If you want to protect against future versions, the single best step is to disable Java within whatever browser you use.

jW

 

[KnightWRX]

Does anyone knows any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

X-protect. It's already running on your Mac. No need for anything extra.

 

[Snowy_River]

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it...

 

[Rocketman]

Far too many users are punished for being early adopters of updates to do it. Some intermediate updates even wreck stuff only to have a corrected later version overwrite it, after it is too late.

Too much pain for folks who just want a tool that works. Not the latest shiny.

To me this is the central issue Apple should fix now and forever.

Rocketman

 

[BiigBiscuit]

Am I the only one that thinks this Russian Dr. Web firm is somewhat suspicious?

 

[charlituna]

If ever those who are still dragging heels over the move from SL to Lion .

it's really not about snow leopard or lion. It's about keeping your software up to date. The only reason lion seems better is because java wasn't pre installed and many users havent needed it. But if you did install it and didn't update your system then you are just at risk

And there are lots of customers like that. I work with a guy that got a computer in September loaded java cause some game or such needed it and hadn't updated since then. No shock what we found on it

 

[kiljoy616]

Does anyone knows any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

Just turn off Java I have never used it, non of the other 4 machines have it turned on, no problems. This need to be resolved by Oracle or Sun or whom ever now owns Java.

http://www.ijailbreak.com/news/download-java-for-os-x-lion-2012-003-update/

 

[nickn]

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flat bed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will Paypal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?

 

[kiljoy616]

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

Safari>preference>security and uncheck java , can't think of one web page I use that need it. Is this what you meant?

 

[nickn]

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it...

Haha I was writing the same thing while you were.

 

[roadbloc]

If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?