Showing posts with label Flashback Malware. Show all posts

Thursday, 3 May 2012

Flashback Malware-Symantec

Flashback was earning about $10K per day

People often wonder about what motivates the creators of malware. In the case of the Flashback malware that infected several hundred thousand Macs, it turns out that the motivator was money. A post on the Symantec official blog listed the stages of infection from Flashback:

  1. A user visits a compromised website.
  2. The browser is redirected to an exploit site hosting numerous Java exploits.
  3. CVE-2012-0507 is used to decrypt and install the initial OSX.Flashback.K component.
  4. This component downloads a loader and an Ad-clicking component.
That ad-clicking component is what made the money for the scoundrels who wrote the malware. As the Symantec post explains, the malware specifically targets searches made on Google. Depending on the search query, the malware redirected the Mac user to another page chosen by the attacker, and the attacker received revenue from the click-through. Since Google never received the intended ad click, they lost revenue. Symantec analyzed a similar botnet last year and determined that about 25,000 infected machines could net the attacker about US$450 per day. Based on the breadth of the Flashback attack, they estimated that the malware was earning its creators almost $10,000 per day.

If you haven't updated your Mac to counteract a possible Java malware attack, or run Apple's free tool for removing the malware from Macs that don't have Java installed, be sure to run Software Update as soon as possible to protect yourself. [via Macworld]

Flashback was earning about $10K per day originally appeared on TUAW - The Unofficial Apple Weblog on Tue, 01 May 2012 12:30:00 EST.

Wednesday, 2 May 2012

Flashback Malware

Flashback Malware's Ad-Click Hijacking Detailed, Could Reap $10,000/Day

Antivirus firm Symantec has published a new blog post examining how the Flashback malware affecting hundreds of thousands of Macs has been generating revenue for its authors by hijacking users' ad clicks. According to the report, the widespread nature of the infection means that the malware authors could have been generating up to $10,000 per day from the scheme at its peak, based on previous analysis of malware click redirection.

The Flashback ad-clicking component is loaded into Chrome, Firefox, and Safari, where it can intercept all GET and POST requests from the browser. Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where the attackers receive revenue from the click. (Google never receives the intended ad click.)

Symantec's work on the ad-click hijacking aspect of Flashback comes after Russian firm Dr. Web, which was responsible for the initial publicity about the malware, published its own report examining some of the early data on infected computers seeking to connect to command-and-control servers.
The report looks at nearly 100,000 connections that came in on April 13, finding that close to two-thirds of the infected machines identified themselves as running Mac OS X Snow Leopard, which was the last version of OS X to ship with Java enabled by default. OS X Lion does not include Java by default, and thus was responsible for only 11% of infections seen during the survey period.
Flashback infection share vs. operating system usage share (Data via Dr. Web, Chart via Computerworld)
As noted by Computerworld, OS X Lion represents nearly 40% of OS X copies currently in use, suggesting that Apple's decision to remove Java from the default Lion install is indeed helping to limit infections on Apple's newest machines.

[W]hile Snow Leopard's and Leopard's infection rates are higher than their usage shares, the opposite's true of OS X 10.7, or Lion. The 2011 OS accounted for 39.6% of all copies of OS X used last month, yet represented only 11.2% of the Flashback-compromised Macs.

Dr. Web's data on OS kernel versions being reported from infected Macs also demonstrates that many Mac users do not keep their systems up-to-date, with roughly 25% of Snow Leopard and Lion systems seen in the survey reporting themselves as at least one version behind Apple's most recent updates (10.6.8 for Snow Leopard and 10.7.3 for Lion).

Tuesday, 1 May 2012

Flashback Malware-Security Vendor-Snow Leopard-Drive Space

Security vendor: Snow Leopard users most prone to Flashback infection

Of the Macs that have been infected by the Flashback malware, nearly two-thirds are running OS X 10.6, better known as Snow Leopard, Russian antivirus firm Dr. Web says.


Delete Dropbox cache to recover drive space

If you use Dropbox to share files with co-workers and clients, you might be surprised to find yourself running out of room on your hard drive. Here's how to find and delete the offending files.

Thursday, 19 April 2012

Flashback Malware-Symantec

Flashback Malware Still Affecting over 100,000 Macs

While Apple has pushed out several software updates to detect the Flashback malware and remove it from infected systems, Symantec noted late yesterday that over 100,000 machines remain afflicted by the issue as detected by their sinkhole operation to redirect server traffic.
Symantec pegged the number at approximately 142,000 as of Monday, listing a rough estimate of "over 99,000" as yesterday's data was still coming in. Those numbers are down from a peak of over 600,000 machines two weeks ago, but a substantial number of machines are still infected by the malware.

The statistics from our sinkhole are showing declining numbers on a daily basis. However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case. Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.
As there have been tools released by Symantec and other vendors in the past few days concerning this threat, the infection numbers should have seen a dramatic decrease by now.

Symantec also takes a look at the domain name generator that allows infected machines to connect to their command-and-control servers to receive instructions. The generator uses a list of 14-character strings rotated each day, coupling each string with one of five top-level domains (.com, .net, .info, .in, or .kz) to find its instructions.

The report also claims that Flashback-infected systems can receive updated command-and-control server locations through Twitter, although no details on that process are provided. A similar claim was made for earlier versions of Flashback, although there has apparently been no demonstration of the Twitter delivery method actually being used.

Tuesday, 17 April 2012

Performance Intelligence Software-Standalone Flashback-Performance Problems-Flashback Malware

Apple offers standalone Flashback removal tool

Fear your Mac has the Flashback malware installed, but you aren't running Java? You'll want to grab Apple's standalone removal tool.


New software bares iOS, Android app performance problems

The cumbersomely named Aternity Mobile Frontline Performance Intelligence software lets IT groups deconstruct mobile apps running live on iOS and Android devices and uncover bottlenecks, glitches, and a whole lot of other pain points for enterprise mobile users.