Flashback Intercepted Google Searches To Make $10k A Day

The notorious Flashback malware that at one stage infected over 600,000 Apple Macs, was using Google search queries to make money for attackers, according to security giant Symantec.

After an ad-clicking component was loaded into the victim’s browser, Flashback was able to intercept Google queries and, depending on what users searched for, could redirect them to a site of the attacker’s’ choosing.

When victims were sent to those sites, the cyber criminals running the Flashback botnet received money for “clicks” on the websites. Symantec estimated Flashback made the crooks as much as $10,000 (£6,164) per day. The company based this figure on another ad-clicking Trojan botnet it was tracking last year, which had around 25,000 bots and could generate the author up to $450 per day.

Flashback funds

“A very profitable enterprise indeed, and all the more reason to keep your Mac fully patched and your virus definitions up to date,” Symantec said in a blog post.

The activity also costs Google money too. If users type in a search query to Google, the search provider should receive money if the user then clicks on an ad. Flashback forced users to bypass that process. “This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang,” Symantec added.

Apple has come under fire for its security practices since the outbreak of Flashback, which spread thanks to a Java vulnerability, exploited when users visited compromised websites based on WordPress or Joomla.

CEO of Kaspersky, Eugene Kaspersky, told TechWeekEurope at InfoSecurity 2011 last week that Apple was 10 years behind Microsoft in security and the iPhone maker had still not recognised the threat facing its systems.

“Apple doesn’t recognise there is a problem. It is the same as Microsoft 12 years ago. Microsoft didn’t recognise security issues as a problem. After a series of incidents they changed their minds,” Kaspersky said.

Think you’re a security expert? Try our quiz!