manchesterwired
Technology
Flashback 'hijacked' Google keyword searches
Published: 1st May 2012 11:27:07
The Flashback Trojan that infected Apple Mac computers could have made more than $10,000 (£6,200) a day for its creators, suggests research.
Analysis of the malicious software by security firm Symantec showed it was built to hijack Google searches.
On infected machines the malware watched for specific keywords.
When they were spotted, the Trojan re-directed users to sites that its creators were being paid to funnel people towards.
In early April, it was revealed that up to 500,000 Apple Mac computers had been infected by malicious software called Flashback.
The malware targeted a vulnerability in the Java software that is used in Windows machines, Apple computers and many others.
Macs were the biggest victims because Apple did not patch the loophole in its version of Java for several weeks after the vulnerability became known.
The Symantec analysis has revealed why the malware was created and how much cash it might have generated for its creators.
By reverse engineering the software, Symantec has discovered that it lurked on infected machines waiting until a user searched on Google for certain words such as "toys".
If a user clicked on an advert related to that search, they would never reach the site they wanted but were re-directed to others showing ads and links.
Symantec engineers found that Flashback's creators would be paid 0.008 cents every time a user was re-directed. Other malicious programs that managed to infect 25,000 victims have been seen to generate about $450 per day for their creators.
"Considering the Flashback Trojan measures in the hundreds of thousands, this figure could sharply rise to the order of $10,000 per day," wrote the Symantec researchers.
Further analysis of Flashback by Russian security firm Dr Web, which sounded the alarm about the malware, has revealed how it was controlled.
Its creators seem to have used Twitter as the command-and-control system for the huge number of machines that it infected.
Compromised machines were programmed to regularly search Twitter for messages containing particular strings of letters. These would direct infected machines to visit particular websites to get updates or receive further instructions.
Harvard Citation
BBC News, 2012. Flashback 'hijacked' Google keyword searches. [Online] (Updated 01 May 2012)Available at: http://www.manchesterwired.co.uk/news.php/1425708-Flashback-hijacked-Google-keyword-searches [Accessed 18th June 2013]
More Technology News
-
Huawei says Ascend P6 is world's 'slimmest' smartphone
Huawei has unveiled what is says is the world's thinnest smartphone.... -
App developed for cats to "take" self portraits
The internet's love affair with zany cat pictures has been combined with the craze for self-portraits to create an app likely to appeal... -
Huge holograms offer medics more memorable classes
A system which uses giant holograms to help medical students master their subject has been pioneered by two London-based junior doctors. ... -
Prism: Yahoo reveals US data requests
Yahoo is the latest company to reveal its dealings with the US authorities, following revelations about the Prism surveillance programme.... -
Diego Maradona wins compensation from two Chinese firms
Diego Maradona has won compensation from two Chinese firms for using his name in an online game, Hot-Blooded Soccer, without his consent. ... -
No 10 summit to tackle web porn and images of child abuse
Internet firms are to meet ministers at No 10 amid calls for more to be done to block images of child sex abuse and to stop children viewing... -
Sharp brings giant-sized 90in TV to Europe
Sharp has released what it says is the biggest TV ever to go on sale in Europe.... -
Collaboration: Apps that work alone to come together
Working together as a team at different times, in different locations, on different bits of digital kit - a trend that has gathered momentum... -
The battle over who should police the web
They are two tribes with power over all of our lives - but politicians and internet companies just don't speak the same language. ... -
UK internet providers reject default porn filters
UK ISPs have rejected calls by David Cameron's adviser on preventing the sexualisation of childhood to impose parental filters for adul...
Latest News
-
At 19:00:51 in Other
Girl, 13, raped on way to school in Wigan
A 13-year-old girl was raped on her way to school in Greater Manchester.... -
At 18:39:05 in Other
Woman raped by group of men at party in Manchester
A woman was raped by a number of men during a house party in a "disgusting" attack, police have said.... -
At 13:44:40 in Other
Moors Murderer Ian Brady banned from carrying pens
Ian Brady is banned from carrying pens in case he uses them as a weapon after a confrontation at his secure mental hospital, a tribunal has ... -
At 10:50:26 in Other
Culture minister: No threat to northern science museums
Museums in three northern cities which faced uncertain futures are "safe" from closure, the culture minister has said.... -
At 03:49:06 in Other
HS2 rail plans: Think tank raises doubts over value
Demand for the HS2 high-speed rail project has "likely been overestimated", a think tank has said.... -
At 00:11:45 in Business
Iron Maiden's Bruce Dickinson on his airline ambitions
Bruce Dickinson arrived for his BBC interview wet, hot, but in remarkably good spirits.... -
At 23:10:41 in Other
Teenager charged with man's murder in Bolton
A youth of 17 has been charged with the murder of a man who was found with head injuries in a Bolton street.... -
At 21:01:55 in Other
Bradford National Media Museum 'will not be closed'
Bradford's National Media Museum will not close, MPs say they have been told.... -
At 20:39:05 in Other
PC Ian Terry death: Officers go on trial over fatal shooting
Two officers from Greater Manchester Police (GMP) have gone on trial over the fatal shooting of an unarmed officer on a training exercise.... -
At 17:02:26 in Other
Greater Manchester protest charge PC formally cleared
A police officer accused of making false statements against a protester has been formally cleared....
News In Other Categories
-
London 'cheesegrater' building's topping-out ceremony
A ceremony has been held to mark the building of the latest addition to London's skyline. ... -
G8 leaders agree tax evasion measures
Leaders of the G8 major economies have agreed new measures to clamp down on money launderers, illegal tax evaders and corporate tax avoiders... -
UK-wide Family Arts Festival launches
A UK-wide Family Arts Festival has been launched aiming to increase family participation in the arts. ... -
AstraZeneca announces new Cambridge Biomedical Campus HQ
Pharmaceutical giant AstraZeneca has announced it is setting up its new global headquarters at the Cambridge Biomedical Campus.... -
Guantanamo inmate Shaker Aamer discussed by Cameron
The case of the last UK resident held in Guantanamo Bay has been raised by Prime Minister David Cameron in talks with US President Barack Ob... -
Scientists say UK wet summers down to Atlantic warming
The UK's recent run of damp summers could be down to a cyclical warming of the Atlantic Ocean....
- Home
- Sitemap
- Publishers
- Advertisers
- Contact
-
Any copyright/incorrect article details issues should be addressed to us 'here'.
© 2010 All Rights Reserved.