More like a cashback bot, right?

Symantec: Flashback botnet could generate up to $10k per day in ad clicks

A Flashback botnet of Macs could generate a lot of money thanks to faux ad clicks.

Antivirus and security firm Symantec says the true motivation behind the massive Flashback malware infection is revenue—ad revenue, that is. In a post to its Security Response blog, Symantec wrote that a Flashback botnet has the potential to generate up to $10,000 per day in ad clicks, primarily impacting Google and bringing in "untold sums of money for the Flashback gang."

As outlined by Symantec, the ad-clicking component of Flashback runs in the browser (Safari, Chrome, and Firefox are all affected) where it redirects search queries to another page, generating an ad click for the attacker. "The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist," Symantec wrote. "If not, it forwards the request to the malicious server."

This technique (covered in more detail by the Symantec post) effectively bypasses Google's ability to receive credit for the ad click, instead resulting in the attackers receiving a payout.

Symantec points out that this technique isn't new, and that another botnet—W32.Xpaj.B—was able to generate up to $450 per day through a botnet of 25,000 infected machines. Since Flashback's numbers ballooned up into the hundreds of thousands—and may still be floating in that range—Symantec believes the revenues could easily be in the thousands. It's a good thing that Flashback Java vulnerability has been patched and Mac users can begin receiving updates directly from Oracle, right?
