Flashback Crooks Fluffed Money Making Scheme

The operators of the Flashback malware that infected over 600,000 machines failed to cash in on their potentially lucrative botnet, analysis has revealed.

One of the main ways the Flashback operators were thought to be making money was by hijacking Google searches to push infected users to certain pages. If users clicked on ads after being redirected to a site, the attackers would make money from Pay Per Click (PPC) providers.

Symantec originally estimated the operators of Flashback could have made as much as $10,000 (£6,160) per day. After further analysis, it appeared they couldn’t even make $14,000 in three weeks, as they failed to use much of the botnet’s power or get money out of the PPC providers.

Not cashing in the clicks

Over a three-week period starting in April, the botnet displayed over 10 million ads on compromised machines, but only close to 400,000 ads were actually clicked. This would have earned the attackers $14,000 but “the attackers in this instance appear to have been unable to complete the necessary steps to be paid,” Symantec said.

The security giant estimated the ad-clicking component of Flashback was only installed on about 10,000 of the hundreds of thousands of infected Macs. This amounted to just two percent of the botnet. If the attackers had used all the bots under their control, they could have earned millions of dollars a year, Symantec claimed.

“You may not expect to see 100 percent utilisation of the infrastructure from the start, but at the same time what we are looking at here is very small utilisation,” Tom Parsons, senior manager at Symantec Security Response, told TechWeekEurope. “Two percent – that would seem particularly low, especially for something that is bound to catch people’s attention… There were probably issues in terms of executing the grand plan.

“Maybe it was a deliberate decision not to fully utilise it. Maybe they didn’t think it was going to get as much attention or even be identified, but that would have been wishful thinking.”

Parsons compared the Flashback botnet to a malicious Android network, which was using 30,000 bots every day to generate revenue by forcing end users to send premium rate texts to numbers of the mastermind’s choosing. That amounted to around 25 percent of the botnet being used to generate revenue.

In both cases, the platforms used – Android and Mac OS – were relatively new and so are comparable. In the Android case though, it appears the cybercriminals were more savvy in deploying their army of bots.

“There is a huge contrast there in the figures,” Parsons added, revealing that the Android botnet is still alive and making its masters hundreds of thousands, possibly millions, of dollars. “The operator had been running that Android botnet for six months at that stage and had made hundreds of thousands of dollars and we estimated they would make at least a million dollars for one year.”

There are still plenty of machines within the Flashback botnet. Symantec revealed there are still 120,000 active infections as of today and the actual number is “likely to be higher”.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
