Being a hacker is one of those jobs that while immensely powerful, also requires a good amount of control and responsibility. Depending on how good you are at your job, you can have the power to do some really powerful (and nefarious) things. The other benefit, besides power, is the ability to make massive amounts of money.
Exhibit A: The recently discovered Flashback Mac malware that infected some ~800,000+ machines. One might think that the relatively simple method in which Flashback gained access to and controlled machines meant financial gain was pretty small in scope. Not so, says security software company, Symantec.
According to Symantec, the creators behind the largest Mac malware/botnet of all time were allegedly pulling in somewhere in the neighborhood of ~$10,000 per day. The payday was relatively easy in nature, simply hijacking ad clicks and redirecting to the Flashback creators’ own advertising system.
“Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click.
Flashback also uses a specially crafted user-agent string, which comprises information about a computer accessing a website, in an effort to thwart ‘unknown’ parties from investigating the URL with unrecognized user agents”
While the storm over Flashback malware has since died down following Apple’s release of a special tool designed to remove the Flashback malware and patch the Java-based security hole that allowed the malware to spread in the first place, there’s definitely a more serious look at OS X security moving forward. And as Apple continues to grow both in mobile and desktop spaces, look for malware creators to take a more serious approach to the once too-small-to-matter Mac user base.