Creators of the Flashback Trojan make $10,000 a day from infected Macs

Flashback is the most popular Trojan of the moment, and the hackers who created it appear to earn about $10,000 a day from the Macs they have infected. Approximately 650,000 Macs are reported to have been infected by the malware; it is not known exactly how many are still infected. The Trojan was designed to direct users to various websites, and Google's AdSense network appears to have fallen victim. From the traffic generated daily by Flashback-infected Macs, the hackers appear to earn approximately $10,000, money that Google's advertising clients lose.

The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.) Flashback uses a specially crafted user agent in these requests, which is actually the client's universally unique identifier (UUID) encoded in base64. This is already sent in the "ua" query string parameter, so it is likely that this is an effort to thwart "unknown" parties from investigating the URL with unrecognized user-agents.
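The user-agent behaviour described above gives defenders something to search for in web proxy logs. The following is an added example, not code from Symantec or from the original article: it flags requests whose User-Agent header base64-decodes to a UUID and reports whether the "ua" query parameter carries the same identifier. The tab-separated log layout, the hosts, the addresses and the UUID are constructed for illustration, and the exact encoding of the "ua" parameter is an assumption.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

UUID_RE = re.compile(r"[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}", re.I)

def decode_uuid(value):
    """Return the UUID if value is the base64 encoding of a UUID string, else None."""
    try:
        text = base64.b64decode(value.strip(), validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None  # not valid base64, or not ASCII once decoded
    text = text.strip()
    return text.upper() if UUID_RE.fullmatch(text) else None

def scan(lines):
    """Flag log lines (time, client, URL, user agent) whose user agent hides a UUID."""
    hits = []
    for line in lines:
        ts, client, url, agent = line.rstrip("\n").split("\t")
        uuid = decode_uuid(agent)
        if uuid is None:
            continue  # ordinary browser user agent
        ua_params = parse_qs(urlsplit(url).query).get("ua", [])
        # Assumption: "ua" may hold either the base64 form or the bare UUID.
        matches = any(decode_uuid(v) == uuid or v.upper() == uuid for v in ua_params)
        hits.append({"time": ts, "client": client, "uuid": uuid,
                     "ua_param_matches": matches})
    return hits

# Constructed sample data: documentation addresses, example hosts, made-up UUID.
SAMPLE_UUID = "00000000-1111-2222-3333-444444444444"
ENCODED = base64.b64encode(SAMPLE_UUID.encode()).decode()
SAMPLE_LOG = [
    "2012-05-01T10:00:00Z\t192.0.2.10\thttp://www.example.com/search?q=news"
    "\tMozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3)",
    f"2012-05-01T10:00:05Z\t192.0.2.11\thttp://ads.example.net/click?ua={ENCODED}&q=news"
    f"\t{ENCODED}",
    f"2012-05-01T10:00:09Z\t192.0.2.11\thttp://ads.example.net/next\t{ENCODED}",
    # Valid base64, but it decodes to ordinary text, so it must not be flagged.
    "2012-05-01T10:00:12Z\t192.0.2.12\thttp://www.example.org/\taGVsbG8gd29ybGQ=",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit whose "ua" parameter matches the decoded user agent is the stronger signal; a UUID-shaped user agent on its own is worth triaging against the client's other traffic.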

The malware is built specifically to click on Google's advertising banners and uses a user agent that does not attract the attention of the Mountain View company, so the hackers stand to earn good money from their creation. The information comes from Symantec, which is raising the alarm on this occasion, and there is a chance that in the near future Google will start checking its own advertising network much more carefully. Apple has tried to solve the Flashback problem, but for now tens or hundreds of thousands of Macs are still infected and nothing seems to stop this Trojan.