The hackers who disseminated the Flashback trojan, which shook the confidence of Apple users who had grown accustomed to not dealing with malware, were making a quick buck at Google‘s expense, according to research by Symantec.
When a user visits a compromised site, Flashback covertly installs software that redirects certain Google queries to pages chosen by Flashback’s authors – who get 0.8 cents for each “click.”
“This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang,” Symantec wrote.
Well, sort of. In the grand scheme of things, the ill-gotten gains were actually pretty modest, with researchers estimating that at the infection’s peak, they might have been earning as much as $10,000 a day. In contrast, Google netted an average of more than $113 million per day from advertising revenue during the first quarter of 2012.
As for the vulnerability, Symantec says that OS X developers were lulled into a false sense of security by Apple’s reputation for being impervious to malware. The hackers just took advantage of a window between patches to strike, infecting hundreds of thousands of unexpecting computers.
“The Flashback authors took advantage of the gap between Oracle and Apple’s patches by exploiting vulnerable websites using WordPress and Joomla to add malicious code snippets,” they wrote.
It’s not that hard to detect and get rid of Flashback, and security experts caution Apple users to be more wary about downloading and installing software from unknown sources. And Apple has been responsive, updating OS X’s built in security tool twice since Flashback was released to deal with new variants of the trojan.
More significant, perhaps, than Google’s lost revenue is the image hit Apple has taken from the outbreak, which runs counter to the conventional wisdom that Apple’s operating systems are watertight, or that its market share is too small for hackers to bother exploiting its users. Flashback, though, has shown that the company has grown large enough to appear on the radar for malware progenitors, and that weaknesses exist in its system.
The company has remained mostly quiet about Flashback, issuing a few terse statements about security precautions that acknowledge the danger but do not elaborate.
“A recent version of malicious software called Flashback exploits a security flaw in Java in order to install itself on Macs,” read one recent announcement.