backtop


Print 18 comment(s) - last by drbecker1.. on May 5 at 9:01 PM


  (Source: ibtimes.com)
Flashback appeared in March 2012, and by April, it had infected over 600,000 Macs

Security software company Symantec released a report today showing that the Flashback trojan, which is infecting hundreds of thousands of Mac computers, could be generating as much as $10,000 per day.

The Flashback trojan, also known as Flashfake, disguises itself as an install Java applet on hijacked sites. When the user approves it, the trojan runs a piece of code that exploits a flaw in Java to remove OS X's anti-malware abilities. It then has the ability to steal clicks from ads on Google's search engine next to regular search results. Flashback installs alternative control programs, which turns Macs into bots. Meanwhile, the cyber criminals reap the benefits from the ghost clicks, meaning ad clicks that are not performed by a human, but by a bot instead.

Flashback appeared in March 2012, and by April, it had infected over 600,000 Macs. Despite efforts to eliminate the trojan, hackers are still earning fraudulent revenue from Flashback daily.

Symantec offered an example of a code that hijacked an ad based on a search for the word "toys." While Google should be making money on this ad click, the code redirects the click elsewhere, and the hackers receive 8 cents for the ghost click instead.

"It's now well-known that the latest OSX.Flashback.K variant was being distributed using the Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability (CVE-2012-0507), which was patched by Oracle in February," said Symantec. "Unfortunately for Mac users, there was a large window of exposure since Apple’s patch for this vulnerability was not available for six weeks.

"This window of opportunity helped the Flashback Trojan to infect Macs on a large scale. The Flashback authors took advantage of the gap between Oracle and Apple's patches by exploiting vulnerable websites using Wordpress and Joomla to add malicious code snippets."

The Symantec report was unable to come up with a definite figure regarding how much the hackers were making, but estimated that cyber criminals using hundreds of thousands of Flashback trojan infections could be making up to $10,000 on a daily basis. It came to this conclusion by comparing Flashback infections to the 2011 W32.Xpaj.B botnet in 2011, which consisted of only 25,000 Windows PCs that generated $450 per day. 

Just last month, computer security company Kaspersky Labs announced that Apple is at least 10 years behind Microsoft when it comes to security. With Apple selling more Macs year-over-year, cyber criminals are starting to notice these computers' popularity and target them with malware attacks.

Source: Symantec



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

LOL, what rubbish!
By Boze on 5/1/2012 2:19:43 PM , Rating: 5
Everyone knows Macs don't get viruses, only PCs!




RE: LOL, what rubbish!
By nolisi on 5/1/2012 2:24:02 PM , Rating: 3
They were MINOs- Macs in Name Only.


RE: LOL, what rubbish!
By Mitch101 on 5/1/2012 4:26:30 PM , Rating: 3
$10,000 a day is a very tempting offer for malware writers.


Macs... nice target over PCs
By XZerg on 5/1/2012 5:15:54 PM , Rating: 5
There are many reasons to target Macs over PCs users:

1) Higher % are oblivious to various hackers/malwares tricks
2) Higher % are willing to dole out more $$$
3) Fewer % have contact with people who are actually computer literate to deal with all those hacks/malwares/... So they will be infected longer before they get it fixed.
4) Many are blissfully ignorant of reality because they believe in their Lord Jobs' perfect products ideology.

Versus PCs users:
Most users know Windows isn't perfect and will question almost anything. Also they usually have access to someone in friends/family who is good at computers to reach out to.

This is not to say that numerically there are more Mac users that are worse than PC users but I would bet on %.




RE: Macs... nice target over PCs
By ritualm on 5/1/12, Rating: 0
RE: Macs... nice target over PCs
By TSS on 5/2/2012 6:31:36 AM , Rating: 3
"Isn't that overpriced" is an oxymoron. Either it is, or it isn't, overpriced.

Also the arguement that if you'd pay more for a PC laptop you'd end up overpaying as well is just pain stupid. The point is you don't pay more.

Also, Macbooks:
http://store.apple.com/us/browse/home/shop_mac/fam...

Observe the cheapest one. 7 hour battery life, intel HD graphics, 2,2ghz processor, $1200.

http://www.newegg.com/Product/Product.aspx?Item=N8...

10 hour battery life, Geforce 415M + intel HD graphics, 2,53 ghz processor (I3 vs I5 in the apple though), same amount of memory same amount of HD space. screen resolutions 1280x800 for apple and 1366 x 768 for the Asus, actually giving the Asus 25k more pixels.

Only it's $700, vs the $1200 for the macbook.

And that's just on the cheap end. On the expensive end, i'll see your macbooks 4GB of RAM and 1GB vid card, and raise you 16GB RAM and 3GB on the vid card!

http://www.newegg.com/Product/Product.aspx?Item=N8...

Still cheaper then the mac book, which is also on new egg for $150 more.

For apple i'm willing to make an exception to what i said above. They are incredibly overpriced. To the point where it should be a crime or something. Didn't we used to, yknow, lynch people who willingly and knowlingly charged way too much? Or is it OK in todays world, as long as the person in question is brainwashed so he chooses it for himself?


RE: Macs... nice target over PCs
By steven975 on 5/2/12, Rating: -1
RE: Macs... nice target over PCs
By ritualm on 5/2/12, Rating: -1
RE: Macs... nice target over PCs
By aliasfox on 5/2/2012 1:36:17 PM , Rating: 2
Not that I like getting dragged into these things, but that 17" Asus you linked to is 4.5 KG (off of the Asus website). That's just about 10 lbs, or nearly 50% heavier than the MacBook Pro 17". Here's a better comparison from a size perspective:

http://www.newegg.com/Product/Product.aspx?Item=N8...

Based on the Radeon 7-series card, the Envy looks to be brand new. If the MBP were updated in the next week or two (why is it taking Apple this long to come out with their IVB machines?) the specs would likely be in line, maybe one level up from the Envy on processor and GPU.

Not bashing either side - I use Apple products, but I will freely admit that their uplevel 15" and 17" machines are anywhere between $300-500 more than they should be, even taking build quality, screen quality, and other things into account (nice backlit keyboard, great trackpad, standard bluetooth, etc). Just saying that if you're comparing Apples and oranges, at least make sure the orange is as similar as possible.


RE: Macs... nice target over PCs
By qkool on 5/2/2012 10:35:46 AM , Rating: 3
Let's not turn this into a Mac prices vs PC prices, unless you can quote where he explicitly said it.


Now everybody hold hands...
By bupkus on 5/1/2012 3:59:47 PM , Rating: 5
Emergency board meeting at Apple Computer's Corporate Center

Tim Cook: "We've convened this meeting to attempt a seance to contact the spirit of Steve Jobs in order to ask him what we should do about the Flashback Trojan. I think I hear him now."

Spirit of Steve Jobs: "Prepare a fresh batch of coo..."

Tim Cook holding up his iPhone: "We've lost the signal."




RE: Now everybody hold hands...
By Ramtech on 5/4/2012 10:23:51 AM , Rating: 2
Apple
By rpierce on 5/1/2012 8:20:03 PM , Rating: 5
Apple's response: The virus is user error. They are not holding the mouse correctly.




A bit ambiguous
By Trisped on 5/1/2012 5:55:07 PM , Rating: 2
quote:
Symantec offered an example of a code that hijacked an ad based on a search for the word "toys." While Google should be making money on this ad click, the code redirects the click elsewhere, and the hackers receive 8 cents for the ghost click instead.
So how is the virus hijacking the ad? Is it showing a different ad? Is it indicating that the ad was hosted by a different website the google.com?




RE: A bit ambiguous
By ritualm on 5/1/2012 7:14:43 PM , Rating: 2
Execute arbitary code via common scripting languages with full administrative rights and system access.


600,000 Macs
By Mitch101 on 5/2/2012 10:07:20 AM , Rating: 4
Wow that's like every Mac sold in the last 5 years.

Windows Phone 7 users have jokes too.




The real issue Mac vs. Windows
By drbecker1 on 5/5/2012 9:01:33 PM , Rating: 2
When I switched from MS to Apple 11 years ago the difference in performance w/o problems was night (MS) and day (Apple) and things have gotten nothing but brighter since then. NOTHING ever goes wrong, since that time years ago no program has ever crashed save a rare problem on an internet site. AND with the time and hassle saved the question of a few extra dollars cost is absurd if you earn more than 50 cents per hour and if that argument isn't enough, over the last 6+ years, no one I know of at the Boston Mac Group (MIT) has purchased anti-virus software ($100 - 200/yr) as there is still no need for it. When a new OS comes out the price has averaged out to $20/yr; I use Apple's version of MS Office and paid 15% the cost and when after 3 years a new version was available, that was $35. If I don't know how to do anything involving my Mac or Apple software, I call for free support (after $350/3 years) and am talking to an expert in that topic in a total wait time of so far NEVER more than 3 minutes. Frankly, I have many better things to do with my life than waste time trying to become a software engineer like when MS was a miserable part of my life. And thems just for starters...




By superstition on 5/2/2012 3:42:41 PM , Rating: 1
While Apple has not handled malware issue very well (particularly when it comes to having their "geniuses" lie to customers), these anti-virus companies have a history of using scare tactics to try to get people to purchase their products.

Java isn't part of OS X Lion. Users have to install it manually. Users also had to agree to install the malware. While Apple took too long to patch Java, there is also something to be said for computer users being responsible enough not to be suckered into choosing to install malware and also for Java to not be so vulnerable in the first place.




“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki