Symantec counts the cost of Mac OS X Flashback attacks

Security software vendor Symantec claims the notorious Mac OS X Flashback Trojan could have netted its authors thousands of pounds in ad-click fraud.

Russian anti-virus vendor Dr Web claimed last month that more than 600,000 Macs had been infected with Flashback malware, which is thought to have been spread using a corrupt piece of Java script code.

This code would have been pushed out to Mac users who visited corrupt websites. It would then be used to decrypt and install parts of Flashback that, in turn, download an ad-click tool.

Oracle issued a patch for the code back in February, but Apple did not follow suit until several weeks later, leaving Mac users vulnerable to attack.

In a blog post, Symantec said this time lag is what allowed Flashback to infect so many Macs, while the ad-click component could have bagged its perpetrators thousands of pounds.

"The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser," explained Symantec.

"Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click."

In an example cited by Symantec in the blog post, it is claimed this redirect may have yielded 0.8 cents (49 pence) per click.

"Ad-clicking Trojans are nothing new. Last August, a botnet measuring in the region of 25,000 infections could generate the author up to $450 dollars per day," added Symantec.

"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day."

Meanwhile, in another blog, software giant Microsoft has uncovered a piece of malware aimed at Mac OS X devices that run Microsoft Office.

The firm stressed this malware, which exploits a code execution vulnerability in the Mac version of Microsoft Office, is not widespread.

"In June 2009, Microsoft issued a security update, which fixed [this]. Despite the availability of the bulletin (and the passage of time), not every machine is up to date yet, which is how nearly three years later malware has emerged that exploits the issue on machines running Office on Mac OS X," said Microsoft.

The firm is urging people using the 2004 and 2008 versions of Microsoft Office for Mac, as well as Open XML File Format Converter for Mac, to acquire the latest product updates.

"Statistically speaking, as [Mac OSX] gains in consumer usage, attacks on the platform will increase," added Microsoft.

"Exploiting Mac OSX is not much different from other operating systems. Even though Mac OS X has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.