Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

Discussion in 'MacRumors.com News Discussion' started by MacRumors, May 1, 2012.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousands of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.
    Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

    The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.


    Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)
    As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.
    Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

    Article Link: Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day
  2. Fraaaa macrumors 65816


    Mar 22, 2010
    London, UK
    Does anyone know any free anti-malware software that can find Flashback? After Apple released the update that removes it (and actually found it on my Mac) I don't know whether I might get that again. Just want to be sure.
  3. Macman45 macrumors demi-god


    Jul 29, 2011
    Somewhere Back In The Long Ago
    If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
  4. Mike Oxard macrumors 6502a

    Oct 22, 2009
    Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
  5. rjohnstone macrumors 68040


    Dec 28, 2007
    PHX, AZ.
    In many cases, upgrading is not possible.
    Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
    Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
  6. marksman macrumors 603


    Jun 4, 2007
    What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
  7. Verbatim Cookie macrumors regular

    Mar 20, 2012
    Newbie question

    How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
  8. OS X Dude macrumors 6502a

    Jun 30, 2007
    Would Google be able to file a lawsuit based on lost revenue?

    Like they need the extra money, but it sounds like something that could potentially stand up. Anything to give these malware authors more ****** is fine by me :)


    On Safari, it's Preferences>Security and then see if the 'Enable Java' box is ticked or not. If it's ticked, Java is enabled and vice-versa.

    Generally, you don't need Java. Untick it, and make sure you do the same for any other web browser you may use.
  9. rdowns macrumors Penryn


    Jul 11, 2003

    Turn off Java!

    Safari>Preferences>Security> uncheck Java box
  10. Consultant macrumors G5


    Jun 27, 2007
    They probably created a number of websites with Google and other ads.
  11. DisMyMac macrumors 65816


    Sep 30, 2009
    Gosh, what group will they frame for this in the name of defense spending?
  12. Fraaaa macrumors 65816


    Mar 22, 2010
    London, UK
    Thanks, but that is not the solution I'm asking for. I use Java for uni.
  13. Shrink macrumors G3


    Feb 26, 2011
    New England, USA
  14. Delighted macrumors 6502


    Feb 25, 2012
    Where do they get these numbers from? Unless they are tracking EVERY Mac, I find it hard to believe that the company can say how many Macs are infected.
  15. Mal macrumors 603


    Jan 6, 2002
    Apple's update that you're referring to was not a one-time search and remove. It's permanently blocked that version of Flashback from ever being installed on your computer. By keeping up-to-date, you won't be affected by any current version of Flashback ever again. If you want to protect against future versions, the single best step is to disable Java within whatever browser you use.

  16. KnightWRX macrumors Pentium


    Jan 28, 2009
    Quebec, Canada
    X-protect. It's already running on your Mac. No need for anything extra.
  17. Snowy_River macrumors 68030


    Jul 17, 2002
    Corvallis, OR
    For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

    Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it... ;)
  18. Rocketman macrumors 603


    Far too many users are punished for being early adopters of updates to do it. Some intermediate updates even wreck stuff only to have a corrected later version overwrite it, after it is too late.

    Too much pain for folks who just want a tool that works. Not the latest shiny.

    To me this is the central issue Apple should fix now and forever.

  19. BiigBiscuit macrumors member

    Aug 23, 2011
    Am I the only one that thinks this Russian Dr. Web firm is somewhat suspicious?
  20. charlituna macrumors G3


    Jun 11, 2008
    Los Angeles, CA
    It's really not about Snow Leopard or Lion. It's about keeping your software up to date. The only reason Lion seems better is because Java wasn't preinstalled and many users haven't needed it. But if you did install it and didn't update your system then you are just at risk.

    And there are lots of customers like that. I work with a guy that got a computer in September, loaded Java 'cause some game or such needed it, and hadn't updated since then. No shock what we found on it.
  21. kiljoy616 macrumors 68000


    Apr 17, 2008
    Just turn off Java. I have never used it, none of the other 4 machines have it turned on, no problems. This needs to be resolved by Oracle or Sun or whoever now owns Java. :rolleyes:

  22. nickn macrumors 6502

    Jun 17, 2011
    Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since Rosetta support was dropped, I will need about $150 to purchase Intel capable replacement software. Second, is that my flatbed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will PayPal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
  23. kiljoy616 macrumors 68000


    Apr 17, 2008
    Safari>Preferences>Security and uncheck Java :), can't think of one web page I use that needs it. Is this what you meant?
  24. nickn macrumors 6502

    Jun 17, 2011
    Haha I was writing the same thing while you were.
  25. roadbloc macrumors G3


    Aug 24, 2009
    What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
