Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 1, 2012.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousands of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.
    Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

    The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.

    Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)
    As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.
    Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

    Article Link: Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day
     
  2. macrumors 65816

    Fraaaa

    Joined:
    Mar 22, 2010
    Location:
    London, UK
    #2
    Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
     
  3. macrumors G5

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #3
    If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
     
  4. macrumors 6502a

    Joined:
    Oct 22, 2009
    #4
    Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
     
  5. macrumors 68030

    rjohnstone

    Joined:
    Dec 28, 2007
    Location:
    PHX, AZ.
    #5
    In many cases, upgrading is not possible.
    Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
    Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
     
  6. macrumors 603

    marksman

    Joined:
    Jun 4, 2007
    #6
    What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
     
  7. macrumors regular

    Joined:
    Mar 20, 2012
    #7
    Newbie question

    How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
     
  8. macrumors 6502a

    OS X Dude

    Joined:
    Jun 30, 2007
    Location:
    UK
    #8
    Would Google be able to file a lawsuit based on lost revenue?

    Like they need the extra money, but it sounds like something that could potentially stand up. Anything to give these malware authors more ****** is fine by me :)

    ----------

    On Safari, it's Preferences>Security and then see if the 'Enable Java' box is ticked or not. If it's ticked, Java is enabled and vice-versa.

    Generally, you don't need Java. Untick it, and make sure you do the same for any other web browser you may use.
     
  9. macrumors Penryn

    rdowns

    Joined:
    Jul 11, 2003
    #9

    Turn off Java!


    Safari>Preferences>Security> uncheck Java box
     
  10. macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #10
    They probably created a number of websites with google and other ads.
     
  11. macrumors 65816

    DisMyMac

    Joined:
    Sep 30, 2009
    #11
    Gosh, what group will they frame for this in the name of defense spending?
     
  12. macrumors 65816

    Fraaaa

    Joined:
    Mar 22, 2010
    Location:
    London, UK
    #12
    Thanks, but that is not the solution I'm asking for. I use Java for uni.
     
  13. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #13
    HUH!!??:confused:
     
  14. macrumors 6502

    Delighted

    Joined:
    Feb 25, 2012
    #14
    Where do they get these numbers from? Unless they are tracking EVERY Mac, I find it hard to believe that the company can say how many Macs are infected.
     
  15. Mal
    macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #15
    Apple's update that you're referring to was not a one-time search and remove. It's permanently blocked that version of Flashback from ever being installed on your computer. By keeping up-to-date, you won't be affected by any current version of Flashback ever again. If you want to protect against future versions, the single best step is to disable Java within whatever browser you use.

    jW
     
  16. macrumors Pentium

    KnightWRX

    Joined:
    Jan 28, 2009
    Location:
    Quebec, Canada
    #16
    X-protect. It's already running on your Mac. No need for anything extra.
     
  17. macrumors 68030

    Snowy_River

    Joined:
    Jul 17, 2002
    Location:
    Corvallis, OR
    #17
    For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

    Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it... ;)
     
  18. macrumors 603

    Rocketman

    #18
    Far too many users are punished for being early adopters of updates to do it. Some intermediate updates even wreck stuff only to have a corrected later version overwrite it, after it is too late.

    Too much pain for folks who just want a tool that works. Not the latest shiny.

    To me this is the central issue Apple should fix now and forever.

    Rocketman
     
  19. macrumors member

    Joined:
    Aug 23, 2011
    #19
    Am I the only one that thinks this Russian Dr. Web firm is somewhat suspicious?
     
  20. macrumors G3

    charlituna

    Joined:
    Jun 11, 2008
    Location:
    Los Angeles, CA
    #20
    It's really not about Snow Leopard or Lion. It's about keeping your software up to date. The only reason Lion seems better is because Java wasn't pre-installed and many users haven't needed it. But if you did install it and didn't update your system then you are just at risk.

    And there are lots of customers like that. I work with a guy that got a computer in September, loaded Java 'cause some game or such needed it and hadn't updated since then. No shock what we found on it.
     
  21. macrumors 68000

    kiljoy616

    Joined:
    Apr 17, 2008
    Location:
    USA
    #21
    Just turn off Java. I have never used it, none of the other 4 machines have it turned on, no problems. This needs to be resolved by Oracle or Sun or whoever now owns Java. :rolleyes:

    http://www.ijailbreak.com/news/download-java-for-os-x-lion-2012-003-update/
     
  22. macrumors 6502

    Joined:
    Jun 17, 2011
    #22
    Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flat bed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will Paypal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
     
  23. macrumors 68000

    kiljoy616

    Joined:
    Apr 17, 2008
    Location:
    USA
    #23
    Safari>preference>security and uncheck Java :), can't think of one web page I use that needs it. Is this what you meant?
     
  24. macrumors 6502

    Joined:
    Jun 17, 2011
    #24
    Haha I was writing the same thing while you were.
     
  25. macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #25
    What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
     
