The operators of the Flashback botnet may have made far less money from their malware than previously thought, according to new analysis.
Earlier research by Symantec had claimed the primary motive behind the malware was revenue generation, and with the total number of infected Apple Macs hitting 600,000 it was possible the crooks could have been making up to $10,000 per day.
This was done through hijacking Google searches and sending compromised users the websites set up by the crooks, who would earn revenue from the ads on those pages.
However, more recent analysis by Symantec has revised the figure downwards – partly due to technical failures by whoever set the botnet in motion.
Over a three-week period starting in April the botnet displayed over 10 million ads on compromised computers. However, only a small number of ads were actually clicked – around 40,000 according to Symantec.
These figures could have made the owners around $14,000 during that three-week period, but it looks like something went wrong when it came to actually collecting the money. While details on that side of things are slim Symantec says "the attackers in this instance appear to have been unable to complete the necessary steps to be paid."
Interestingly the ad-clicking component of Flashback was only installed on about 10,000 of the more than 600,000 infected machines. This means that had the cyber criminals been able to fully utilise the botnet and collect the money, they could have earned millions of dollars over an extended period of time.
"Even though only a small fraction of the more than 600,000 compromised computers redirected users, the attackers still managed to display over 10 million ads in a three week period, generating $14,000 in revenue," said Symantec.
"Had the attackers been more successful in installing the final payload they could have been earning considerably more than that, which makes this a profitable model for the attackers," the blog post added.
The Flashback malware forced the issue of Apple security into the spotlight as it was the first outbreak to hit the platform that could be considered successful. In particular, Apple’s response to the outbreak was criticised, with the Java vulnerability remaining unpatched for three months.
This delay led Eugene Kaspersky to tell CBR that Apple had a lot to learn about keeping users secure.
"I think they are ten years behind Microsoft in terms of security," he said. "Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on. We now expect to see more and more because cyber criminals learn from success and this was the first successful one."
"They will understand very soon that they have the same problems Microsoft had ten or 12 years ago. They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software," Kaspersky told CBR.