Symantec counts the cost of Mac OS X Flashback attacks

News 2 May, 2012

Meanwhile, Microsoft sounds alert over new Office for Mac malware threat

Security software vendor Symantec claims the notorious Mac OS X Flashback Trojan could have netted its authors thousands of pounds in ad-click fraud.

Russian anti-virus vendor Dr Web claimed last month that more than 600,000 Macs had been infected with Flashback malware, which is thought to have been spread using a corrupt piece of Java script code.

This code would have been pushed out to Mac users that visited corrupt websites. It would then be used to decrypt and install parts of Flashback that, in turn, download an ad-click tool.

Oracle issued a patch for the code back in February, but Apple did not follow suit until several weeks later, leaving Mac users vulnerable to attack.

In a blog post, Symantec said this time lag is what allowed Flashback to infect so many Macs, while the ad-click component could have bagged its perpetrators thousands of pounds.

“The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser,” explained Symantec.

“Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click.”

In an example cited by Symantec in the blog post, it is claimed this redirect may have yielded 0.8 cents (49 pence) per click.

“Ad-clicking Trojans are nothing new. Last August, a botnet measuring in the region of 25,000 infections could generate the author up to $450 dollars per day,” added Symantec.

“Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day.”

Meanwhile, in another blog, software giant Microsoft has uncovered a piece of malware aimed at Mac OS X devices that run Microsoft Office.

The firm stressed this malware, which exploits a code execution vulnerability in the Mac version of Microsoft Office, is not widespread.

“In June 2009, Microsoft issued a security update, which fixed [this]. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet, which is how nearly three years later malware has emerged that exploits the issue on machines running Office on Mac OS X,” said Microsoft.

The firm is urging people using the 2004 and 2008 versions of Microsoft Office for Mac, as well as Open XML File Format Converter for Mac, to acquire the latest product updates.

“Statistically speaking, as [Mac OSX] gains in consumer usage, attacks on the platform will increase,” added Microsoft.

“Exploiting Mac OSX is not much different from other operating systems. Even though Mac OS X has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.”