THE FLASHBACK TROJAN might be ruining Apple's Mac OS X reputation as the operating system that doesn't get viruses, but security firm Symantec has reported it is a source of profit for the malware's makers.
Researchers at Symantec have estimated that the Flashback malware is generating as much as $10,000 per day through advertising click fraud.
Symantec reported in a blog post that the malware writers are making money by using the Flashback network of infected systems to exploit ad-click networks.
"This window of opportunity helped the Flashback Trojan to infect Macs on a large scale," the company said.
"The Flashback authors took advantage of the gap between Oracle and Apple's patches by exploiting vulnerable websites using Wordpress and Joomla to add malicious code snippets."
Flashback was able to start reaping rewards as it spread rapidly through OS X systems by targeting an unpatched Java flaw, a vulnerability that Oracle and Apple left open for six weeks.
Once a system is infected, the malware monitors and intercepts web traffic, targeting the 'GET' and 'POST' calls from the web browser as well as search queries. When users of machines infected by the Trojan attempt to follow links or search results for certain terms, their systems are redirected by the malware to web sites run by third-party affiliates who then pay out ad commissions to the malware operators.
In the process, the otherwise legitimate traffic is hijacked by the Trojan network and used to generate money for the botnet's operators.
While the attack has been seen by some as a revelation for Mac OS X security, Symantec said that its methods of generating cash are fairly common for malware platforms.
"Ad-clicking Trojans are nothing new and in an analysis of W32.Xpaj.B last August a botnet measuring in the region of 25,000 infections could generate the author up to $450 per day," Symantec's researchers wrote.
"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day," it added.
Last month, security firm Kaspersky said that compromised WordPress blog web sites were to blame for the Flashback Trojan infection. The company said posts on the web sites were sending visitors to malware hosts that infected Mac OS X systems with the Flashback Trojan.
However, since Apple released its Java update, the number of Mac OS X computers infected with the Flashback Trojan has dropped from around three quarters of a million to about 140,000 or fewer.