A few weeks ago Symantec said that the Flashback malware would have generated no less than $10.000 per day for the hackers who developed it. Everything had to do with online advertising systems, the malware forcing the victims' computers to click on the advertising banners of the accessed websites. Well, after a few weeks of checks and analysis, those from Symantec they came to the conclusion that only $14.000 was produced by the Flashback malware in 3 weeks of use on Macs.
From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked . These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job. Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid.
It is estimated that the actual ad-clicking component of Flashback was only installed on about 10,000 of the more than 600,000 infected machines. In other words, using less than 2% of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year.
It seems that the version that clicked on the advertising banners would have been present in only 10.000 Macs and these generated $14.000 in three weeks, but the hackers would not have succeeded in collecting the money from the advertisers. The whole story behind the Flashback was exaggerated because in the end the problem had to do with users not updating their software and things like this happen on any platform. The vulnerability used was not from OS X, but from third-party software, and security firms tried to present everything in a bad light to convince the world that OS X needs antivirus software.
