People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money. A post on the Symantec official blog listed the stages of infection from Flashback:
- A user visits a compromised website.
- The browser is redirected to an exploit site hosting numerous Java exploits.
- CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
- This component downloads a loader and an Ad-clicking component.