Updated 5/3/2012 11:20:13 AM ET

We now know who the Mac Flashback malware infection hurt the most: Google.

Symantec researchers dug into the code of the Flashback variant that exploited a Java software flaw and infected approximately 600,000 Macs in late March. The researchers found a rather mundane payload — a piece of click-jacking code that redirected Google ad clicks to sites determined by the attackers.

Google never got the revenue for the redirected clicks, while the attackers made 0.8 cents for each one. Symantec's back-of-the-envelope math estimates that at its peak, the click-jacking scheme could have made the attackers $10,000 per day.

In other Flashback news, the Russian security firm Dr. Web captured much of the communications traffic that the infected machines were sending back to their cybercriminal command-and-control servers.

They found that more than 60 percent of the machines infected with Flashback were running Mac OS X 10.6 Snow Leopard, and about 25 percent were running Mac OS X 10.5 Leopard, which is no longer supported by Apple.


Slightly more than 11 percent of the infected Macs were running the most recent version, Mac OS X 10.7 Lion. That's not because Lion users are smarter; it's because Apple, knowing how dodgy Java security can be, decided to remove Java from the default installation of Lion. (Lion users can install Java separately.)

Finally, Microsoft piled onto Mac users as well, with a blog posting detailing how plenty of Macs are still vulnerable to an Office for Mac flaw that was patched back in June 2009.

This is the same flaw that attackers, presumably Chinese, have used to target Tibetan and Japanese Mac users, and its prevalence shows how many Mac users are still completely oblivious to the risks they take by not updating their software.

Lion users aren't at risk for that particular flaw, Microsoft notes, since Lion's NX (non-executable memory) feature means that the Office software can't be changed while it's running.

All this news essentially says one thing: If you're a Mac user running Snow Leopard or Lion, there's no excuse not to update your software. Doing so will patch the Microsoft flaw, clean your machine of Flashback and give Google the revenue it deserves.

If you're running Leopard — and PowerPC Mac users don't have any other choice — Apple doesn't care about you anymore. (Microsoft does, so apply the Office patch anyway.) Disable Java as much as you can, and install Mac-specific anti-virus software.

© 2012 SecurityNewsDaily. All rights reserved

