Last month, cybercriminals embarked on what quickly became one of the largest-scale malware attacks on Apple computers to date. Their motive was financial: security researchers now estimate that the infected computers made the malware’s creators $10,000 a day.
The malware, called Flashback, targeted Mac users and infected their machines through a security hole in Java software that Oracle patched last February, but that Apple did not patch until early April. In those six weeks, Flashback spread to over half a million computers.
It spread through particularly nefarious means. Unlike most malware, which typically requires users to click on a malicious link or open a compromised attachment to get infected, Flashback downloaded itself onto its victims’ machines when they visited hijacked Web sites, often compromised WordPress blogs.
¶Security researchers determined that Flashback used infected computers for click fraud, in which clicks on a Web advertisement are manipulated in exchange for kickbacks. Researchers at Symantec, who studied Flashback’s code, determined that a Google search for “toys”– which would ordinarily send a user to Toys “R” Us — instead redirected the user to a site where the attackers, not Google, would get 8 cents for the click.
¶With 600,000 computers infected at its peak, Symantec estimates that Flashback generated $10,000 for the attackers each day. Two weeks after Apple issued a security patch, the number of infected users dropped to 140,000 from 600,000. But last week, researchers at Intego, another computer security firm, discovered that a new variant of Flashback, Flashback.S, continues to spread through the same Java vulnerability.
Intego researchers did not say what the new variant of Flashback was being used for, but researchers at Symantec that analyzed a portion of the variant’s code said that it communicated with the same command-and-control servers as Flashback and that it “would be safe to assume the intention with this variant was the same.”
To remove Flashback, Apple encouraged users to run their software updates. They can also download a Flashback removal tool on Apple’s support site, which lets users know if their computer was infected.
Security experts predicted in 2008 that when Apple’s share of the PC market reached 16 percent and Windows antivirus software became 80 percent effective, Mac users would become a more frequent target for cybercriminals.
That day is not far off. Apple currently holds 12 percent of the PC market and antivirus software has reached 95 percent effectiveness, according to AV Comparatives, a nonprofit that audits antivirus software.