Symantec Claims Flashback Malware Operators Made Less Money Than First Thought
Security firm Symantec some time ago disclosed that the masterminds behind the now-infamous OSX Flashback Trojan made a huge amount of money. It has further found that they failed to collect the money their operations generated.
Symantec says it found that over a three-week period starting in April 2012, the botnet displayed over 10 million ads on compromised computers, but only a small percentage of the users who were shown the ads clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle; actually collecting it is another, often more difficult job.
There are many antifraud measures and affiliate verification steps applied by many pay-per-click (PPC) providers before money is paid out. "Luckily, the attackers in this instance appear to have been unable to complete the necessary steps to be paid," the firm said, as published by cnet.com on May 16, 2012.
It is estimated that the actual ad-clicking component of Flashback was installed on only about 10,000 of the more than 60,000 infected machines. In other words, utilizing less than 2% of the entire botnet, the attackers were capable of generating $14,000 in three weeks, meaning that if they had been able to use the entire botnet, they could have earned millions of dollars in a year, the security firm said in its blog post.
For someone controlling a botnet of this magnitude, there are many options. We have recently seen many botnets use fraudulent ads to make money for attackers. That is exactly the case with Flashback: the operators decided to use their botnet to commit ad-click fraud, also known as click fraud.
By analyzing the traffic from the Flashback command-and-control servers, Symantec followed the redirections used by the attackers. Compromised computers pass users' search keywords to the attackers, who then contact various pay-per-click services and route the ads from the PPC provider to the compromised computers. To generate conversions, the Flashback botmaster hijacked Google search results and displayed their own PPC search results. The most successful keywords used were related to pharmaceutical products, auto insurance, and debt mortgage consolidation, Symantec concludes.
» SPAMfighter News - 26-05-2012