Flashback botmasters earned less than $15K
Posted on 17.05.2012
It has already been established that the criminals behind the Flashback botnet were after money, but according to Symantec researchers, their plan was foiled by the attention that the first massive Mac botnet was given by security researchers.

The researchers initially calculated that a botnet of that size could bring in $10,000 per day to its masters, as the malware's ad-clicking component would intercept browser requests, target search queries made on Google and redirect users to another page of the attacker's choosing. Consequently, the attackers would receive payment for the ad click instead of Google.

Alas for the botmasters, not everything went as planned. They managed to install the ad-clicking component only on some 10,000 of the 600,000+ infected machines because security researchers reacted quickly and took down most of their C&C servers.

"From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job," shared Symantec.

"Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid."

Still, this is most certainly not the end of malware attacks against Mac computers. "As the market share of Mac increases, we will see more Mac-related botnets similar to this one in the future," predicts Symantec.


Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Whether you like it or not, the Internet of Things is happening. This book paints a clear picture of the current situation, and what we can learn from it in order to create a safer future for all of us.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Oct 13th