The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet's activity, according to security software vendor Symantec.
The attackers behind the Flashback malware -- which at one point had infected as many as 700,000 Apple Macs worldwide -- essentially were stealing advertising revenue from Google by redirecting clicks from users of infected systems, members of Symantec's Security Response group said in an April 30 post on the company's blog. The ad revenue for those clicks went to the cyber-criminals, not Google, Symantec said.
"The Flashback ad-clicking component is loaded into Chrome, Firefox and Safari where it can intercept all GET and POST requests from the browser," Symantec said in its blog post. "Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)"
The Symantec blog goes on to explain: The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server.