
MacRumors

macrumors bot
Original poster
Apr 12, 2001
52,006
13,628



Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousands of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that malware authors could have been generating up to $10,000 per day from the scheme at its peak based on previous analysis of malware click redirection.
The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)
Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.

The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.




Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)
As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.
[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.
Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

Article Link: Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day
 

Fraaaa

macrumors 65816
Mar 22, 2010
1,081
0
London, UK
Does anyone know any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.
 
Comment

Macman45

macrumors G5
Jul 29, 2011
13,198
133
Somewhere Back In The Long Ago
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
 
Comment

Mike Oxard

macrumors 6502a
Oct 22, 2009
804
456
Apple should follow the money, find out who the perps are then send the boys round to give them a good old fashioned kickin'
 
Comment

rjohnstone

macrumors 68040
Dec 28, 2007
3,680
3,887
PHX, AZ.
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.
In many cases, upgrading is not possible.
Some of us with older hardware are SOL due to the lack of compatibility with older equipment or software that is still not supported under Lion.
Canon has yet to release a stable version of their EOS tools for Lion, so I am forced to keep a laptop with SL on it just so I can use the tools.
 
Comment

marksman

macrumors 603
Jun 4, 2007
5,764
5
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.
 
Comment

Verbatim Cookie

macrumors regular
Mar 20, 2012
119
0
Newbie question

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.
 
Comment

OS X Dude

macrumors 6502a
Jun 30, 2007
992
247
UK
Would Google be able to file a lawsuit based on lost revenue?

Like they need the extra money, but it sounds like something that could potentially stand up. Anything to give these malware authors more ****** is fine by me :)

----------

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.

On Safari, it's Preferences>Security and then see if the 'Enable Java' box is ticked or not. If it's ticked, Java is enabled and vice-versa.

Generally, you don't need Java. Untick it, and make sure you do the same for any other web browser you may use.
 
Comment

rdowns

macrumors Penryn
Jul 11, 2003
27,397
12,513
Does anyone know any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.


Turn off Java!

How do I determine if Java has been enabled on our iMac running Lion? Thanks in advance.


Safari>Preferences>Security> uncheck Java box
 
Comment

Consultant

macrumors G5
Jun 27, 2007
13,313
33
What ad network is paying out for these clicks? Most ad networks pay out monthly. Has to be a scummy ad network to not deny payments to this kind of behavior.

They probably created a number of websites with google and other ads.
 
Comment

DisMyMac

macrumors 65816
Sep 30, 2009
1,087
11
Gosh, what group will they frame for this in the name of defense spending?
 
Comment

Delighted

macrumors 6502
Feb 25, 2012
253
1
Where do they get these numbers from? Unless they are tracking EVERY mac, I find it hard to believe that the company can say how many macs are infected.
 
Comment

Mal

macrumors 603
Jan 6, 2002
6,249
17
Orlando
Does anyone know any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

Apple's update that you're referring to was not a one-time search and remove. It's permanently blocked that version of Flashback from ever being installed on your computer. By keeping up-to-date, you won't be affected by any current version of Flashback ever again. If you want to protect against future versions, the single best step is to disable Java within whatever browser you use.

jW
 
Comment

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
Does anyone know any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

X-protect. It's already running on your Mac. No need for anything extra.
 
Comment

Snowy_River

macrumors 68030
Jul 17, 2002
2,519
0
Corvallis, OR
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

For the sake of it? The cost for me to upgrade would be in the thousands of dollars, entirely in software. I have several software packages that all work just fine, only they are "old" PowerPC code, and, as Apple chose to no longer support Rosetta in Lion, I would suddenly need to upgrade or find replacements for all of them. The cost for doing that makes Lion really easy to resist.

Hey, if you want to send about $2500 my way so I can upgrade all of my software, I'll gladly spring for the $29 for Lion and install it... ;)
 
Comment

Rocketman

macrumors 603
Far too many users are punished for being early adopters of updates to do it. Some intermediate updates even wreck stuff only to have a corrected later version overwrite it, after it is too late.

Too much pain for folks who just want a tool that works. Not the latest shiny.

To me this is the central issue Apple should fix now and forever.

Rocketman
 
Comment

charlituna

macrumors G3
Jun 11, 2008
9,633
815
Los Angeles, CA
If ever those who are still dragging heels over the move from SL to Lion .

It's really not about snow leopard or lion. It's about keeping your software up to date. The only reason lion seems better is because java wasn't pre installed and many users haven't needed it. But if you did install it and didn't update your system then you are just at risk.

And there are lots of customers like that. I work with a guy that got a computer in September loaded java cause some game or such needed it and hadn't updated since then. No shock what we found on it
 
Comment

kiljoy616

macrumors 68000
Apr 17, 2008
1,795
0
USA
Does anyone know any free anti-malware software that can find flashback? After Apple released the update that removes it (and actually found it on my mac) I don't know whether I might get that again. Just want to be sure.

Just turn off Java. I have never used it, none of the other 4 machines have it turned on, no problems. This needs to be resolved by Oracle or Sun or whoever now owns Java. :rolleyes:

http://www.ijailbreak.com/news/download-java-for-os-x-lion-2012-003-update/
 
Comment

nickn

macrumors 6502
Jun 17, 2011
386
0
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

Will you be paying for the upgrade to 10.7 for me? I'm not talking about the paltry $29... First, since Rosetta support was dropped, I will need about $150 to purchase Intel-capable replacement software. Second, is that my flatbed scanner also uses PPC software, which can't be upgraded, so I will need a whole new unit. Comparable scanners are running around $200. Will Paypal work for the $350? If you don't pay, why? Do you feel that it is a stupid waste of money when 10.6 does everything for free?
 
Comment

roadbloc

macrumors G3
Aug 24, 2009
8,784
213
UK
If ever those who are still dragging heels over the move from SL to Lion needed a heads up, the stats are there...Keep up to date, adopt sensible practice and you should be fine....Sticking with "Old faithful" for the sake of it makes no sense at all now.

What if upgrading is not an option? One thing I really dislike about Apple is their lack of support for legacy products. Microsoft still maintains XP, why can't Apple do so for their older OSs?
 
Comment