In a recent analysis of the business model behind the Flashback Trojan, Symantec security researchers reported that the main objective of the malware is revenue generation through an ad-clicking component.
"The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari where it can intercept all GET and POST requests from the browser," the researchers write. "Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)"
"In one code snippet shown by Symantec, a hijacked ad based on the user searching for 'toys' would generate $0.008 per click, meaning that 1,000 clicks would earn the hackers $8, 10,000 clicks $80, and so on," writes Computerworld's Gregg Keizer.
"The possibilities for revenue generation are huge for that kind of exploit, according to Symantec," writes CNET News' Don Reisinger. "It found that an ad-clicking Trojan called W32.Xpaj.B last August was able to make up to $450 per day on just 25,000 infections. At its height, Flashback infected a possible 650,000 Macs around the world."
"If Xpaj made around $450 (342 EUR) per day with a botnet that totaled 25,000 bots, the 650,000 machines that were overtaken by Flashback at its peak may have generated a sum that exceeds $10,000," writes Softpedia's Eduard Kovacs.