toggle

AAPL Stock: 100.82 ( + 0.71 )

Printed from http://www.macnn.com

Flashback-K malware breaks down; no payment for creators

updated 04:42 pm EDT, Sun May 20, 2012

From 600,000 infections to 10,000; ad vendor won't pay

After possibly infecting up to 1.8 percent of the Macintosh population with a click-fraud macro through a Java vulnerability, the Flashback creators won't get paid despite their efforts, reports Computerworld. Following a coordinated security effort between antivirus vendors and security experts, remote malicious orders were blocked or prevented from effecting an estimated peak 600,000 infected computers. Apple joined the fray late, but provided patches and a removal tool for the malware.

"Lots of security companies sinkholed Flashback's domains, and this caused [the hackers] a lot of problems," said Liam O'Murchu, manager of operations at Symantec's security response center. After the combined anti-Flashback efforts, about 10,000 macs remained controlled by the bot-net, but the advertising affiliate that served 98% of the generated clicks isn't paying the creators.

The Flashback malware was designed not to harm the user's own data, but to connect the computer to a botnet that served ads the user wouldn't have normally seen or steal clicks from Google ads generated by users. Across the three weeks that the malware was active, some 10 million ads were served, resulting in about 400,000 click-throughs that would have generated around $14,000 for the malware creators.

"The traffic we've analyzed tells us that they hadn't been paid," said O'Murchu, "They haven't been able to provide the information to the pay-per-click affiliate that [was] required to be paid." Legitimate advertising vendors use a variety of anti-fraud mechanisms, including identity checks and sampling the traffic from the source of the clicks, to insure that the clicks are legitimate. Without these verification steps, advertisers won't pay the advertising vendor.

Apple provided the patch in mid-April for the exploit after it made headlines two weeks prior. The exploit was made public in February. Java patches for Snow Leopard and Lion are available, and a separate removal tool is also downloadable for Leopard, Snow Leopard, and Lion. [via Computerworld]




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

ActvContent Sync Smartband

Smartbands of all sorts are hitting the market. Some build on the buzz around fitness trackers, while others offer simpler features fo ...

RocketStor 6324L Thunderbolt 2 eSATA bridge

Like it or not, the shift to Thunderbolt is underway. The connection is extremely flexible, allowing for video and data to co-habitate ...

Patriot Stellar Boost XT 64GB USB 3.0 drive

A vast selection of USB memory sticks means that consumers can often find exactly the size drive they need in a configuration that can ...

toggle

Most Commented