It has already been established that the criminals behind the Flashback botnet were after money, but according to Symantec researchers, their plan was foiled by the attention that the first massive Mac botnet was given by security researchers.
The researchers initially calculated that a botnet of that size could bring in $10,000 per day to its masters, as the malware’s ad-clicking component would intercept browser requests, target search queries made on Google and redirect users to another page of the attacker’s choosing. Consequently, the attackers would receive payment for the ad click instead of Google.
Alas for the botmasters, not everything went as planned. They managed to install the ad-clicking component only on some 10,000 of the 600,000+ infected machines because security researchers reacted quickly and took down most of their C&C servers.
“From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job,” shared Symantec.
“Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid.”
Still, this is most certainly not the end of malware attacks against Mac computers. “As the market share of Mac increases, we will see more Mac-related botnets similar to this one in the future,” predicts Symantec.