In most cases, when somebody releases a botnet or virus, it is to generate money from poor, unsuspecting victims. Such was the case with the recent Flashback botnet unleashed on Mac devices. That botnet managed to generate $14,000 from its click fraud campaign. However, the beautiful hand of irony has decided to rest gently on the botnet’s shoulder, as not a single cent of that money has been paid to the botnet creators, according to Symantec.
In a recent interview, Liam O Murchu, Manager of Operations at Symantec’s Security Response Center, said that a new analysis of the traffic between the Macs the botnet infected and the command-and-control servers showed exactly how much the scam generated, as well as the fact that none of the money had been paid.
O Murchu gave a lot of credit to security companies and their efforts at making sure the handlers of the botnet didn’t get paid. “Lots of security companies sinkholed Flashback domains, and this caused the hackers a lot of problems,” O Murchu noted.
The efforts of the security companies started in early April, when antivirus vendors like Symantec grabbed potential command-and-control domains before the hackers were able to. In effect, this blocked orders from reaching many of the nearly 600,000 infected Mac computers. Instead, the commands fell into oblivion.
Unfortunately, not everyone was saved, as the botnet's operators were still able to retain control over some 10,000 computers, which they then infected with additional code that steals clicks from ads that Google’s search engine shows alongside search results. All in all, the creators of Flashback were able to use less than 2% of the botnet to generate ghost clicks.
That may not seem like much, but consider this: Each of the infected Macs displayed more than 10 million ads in three weeks. Of those ads, 400,000 were clicked by users. Together, those 400,000 clicks totaled approximately $14,000. Like I said, it may not seem like much, but it certainly does add up.
Thankfully, with a little help from Symantec and other companies like it, not a single cent of that $14,000 was paid, leaving the handlers penniless and the victims with their funds safely secured and in their own pockets. Also, ever since awareness of Flashback became widespread, Apple has issued Java security updates and malware removal tools for those running the Leopard, Snow Leopard and Lion operating systems.
Source: PC World – Flashback Malware Didn’t Glean Big Bucks