Symantec has slashed its own estimate for how much the Mac Flashback botnet was earning its controllers from US$10,000 a day to US$600.
The security vendor’s previous claim about Flashback’s earning potential was based on a prior analysis of a Windows 32-bit ad-clicking trojan that netted 25,000 infections -- roughly five percent of the 600,000 Macs taken by Flashback -- that could generate its author up to US$450 a day.
Flashback made money for its controllers through a single advertising component that manipulated Google searchers in the Chrome, Firefox and Safari browsers.
A Google search was potentially hijacked and depending on the search query could lead the Mac victim to a page of the trojan controller’s choosing.
Symantec appears to have initially assumed that all Flashback infections contained the ad component of the trojan, but on Thursday clarified that only two percent of around 600,000 infected machines were actually installed with the critical ad component.
“[I]f the attackers were able to use the entire botnet, they could have earned millions”, said Symantec in an update, but as it was the campaign netted the controllers about US$14,000 in three weeks from the beginning of April or US$666 per day through click fraud.
“Had the attackers been more successful in installing the final payload they could have been earning considerably more than that, which makes this a profitable model for the attackers,” said Symantec.
Still, the Flashback trojan controllers served over 10 million ads in three weeks, said Symantec.