Flashback hijacked Google keyword searches

Updated on: 2012-05-01 || Source: bbc.com

The Flashback Trojan that infected Apple Mac computers could have made more than $10,000 (£6,200) a day for its creators, suggests research.

Analysis of the malicious software by security firm Symantec showed it was built to hijack Google searches.

On infected machines the malware watched for specific keywords.

When they were spotted, the Trojan re-directed users to sites that its creators were being paid to funnel people towards.

In early April, it was revealed that up to 500,000 Apple Mac computers had been infected by malicious software called Flashback.

The malware targeted a vulnerability in the Java software that is used in Windows machines, Apple computers and many others.

Macs were the biggest victims because Apple did not patch the loophole in its version of Java for several weeks after the vulnerability became known.

Twitter used

The Symantec analysis has revealed why the malware was created and how much cash it might have generated for its creators.

By reverse engineering the software, Symantec has discovered that it lurked on infected machines waiting until a user searched on Google for certain words such as "toys".

If a user clicked on an advert related to that search, they would never reach the site they wanted but were re-directed to others showing ads and links.

Symantec engineers found that Flashback's creators would be paid 0.008 cents every time a user was re-directed. Other malicious programs that managed to infect 25,000 victims have been seen to generate about $450 per day for their creators.

"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day," wrote the Symantec researchers.

Further analysis of Flashback by Russian security firm Dr Web, which sounded the alarm about the malware, has revealed how it was controlled.

Its creators seem to have used Twitter as the command-and-control system for the huge number of machines that it infected.

Compromised machines were programmed to regularly search Twitter for messages containing particular strings of letters. These would direct infected machines to visit particular websites to get updates or receive further instructions.

News

Blackphone 2 'privacy' Android handset revamped
Security firm Silent Circle has revamped its smartphone that helps people manage personal data.
Chinese smartphones mount massive web attack
More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web
Hilton investigates hack claims
The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of
Twitter website 'blocked' in Turkey
Twitter users in Turkey report that the social media site has been blocked in the country.

SIGN UP FOR NEWSLETTER

Sign up to received our free newsletter!
Name:
E-mail ID:

MOST READ

Views: 5477 Times
Create a Spectacular Grass Text Effect in Photoshop READ MORE
Views: 2949 Times
Virgin Media hacked by opponents of The Pirate Bay block READ MORE
Views: 3097 Times
Apple: Update will fix Mac Flashback virus READ MORE
Views: 6130 Times
How To Hack PDF Password For Free READ MORE
Views: 7566 Times
PHP: Create Your Own MVC (Part 4) READ MORE

Home|IT News|Computer Tips|Video Tutorials|Download Softwares|Subjects|Contact Us
Copyright © 2019. Jumbo Education (Information Technology). All rights reserved.
Free counter and web stats

Large Visitor Globe