Biggest Attack on Apple Computers Didn’t Pay Off, Symantec Says


Symantec says the largest attack on Mac computers didn't net the criminals anything in the end.

Symbolically, last month’s news of a hacking attack on more than 600,000 Mac computers sent a loud message: Apple products are now vulnerable to the same kind of mass infections that Microsoft Windows computers are.

Financially, however, it was the equivalent of a bounced check — a big flop that likely netted the criminals nothing, according to new research from Symantec.

Liam O Murchu, who manages Symantec’s security response operations, said in an interview that the attack appears to have been short-circuited by its own high profile. It got so much attention that Symantec and other researchers were able to quickly shut down most of the command-and-control servers, cutting the criminals off from the infected machines. That meant the ad scam the criminals were trying to propagate never reached its full potential.

Symantec estimated that of the 600,000 infected machines, only about 10,000 had installed the part of the malicious software that hijacked a user’s Google search results, which steered people who clicked on legitimate ads to sites they weren’t trying to visit. Less than 2 percent of the entire “botnet” of infected computers was utilized.

“They definitely had trouble,” Murchu said. “This didn’t go smoothly for them.”

More than 10 million fraudulent ads were shown on the infected computers, which generated some 400,000 clicks, according to Symantec. A search for “toys,” for instance, would yield all the usual ads for toy stores. Yet clicking on a specific store might take the victim to a different outlet — one that had paid an unauthorized ad network to distribute its ads.

Murchu noted that the number of clicks on the fraudulent ads translates into about $14,000 in payments, but that Symantec’s monitoring revealed the attackers were not able to collect their money. He declined to provide details, saying that the company’s policy is to not disclose the methods it uses to gain insight into attackers’ schemes.

“They did manage to infect a huge number of computers — they put a lot of effort into their infrastructure and from a technical point of view, they seemed to be on the ball,” he said. “But from the point of view of collecting the money, they weren’t so good.”

Ultimately, the biggest attack on Macs in the computer’s history burned so hot that it extinguished itself, Murchu said.

 
