More counterfeit goods will soon be sold online than on the street, according to the latest report by the U.S. Trade Representative. The increase in Internet access has led to increased access to counterfeit and pirated goods, the annual Special 301 report noted, a trend that has complicated copyright enforcement.
The Advertising Standards Authority has widened its inquiry into the advertising of the Apple iPad. The BBC understands the regulator is not satisfied that Apple has complied with an agreement to amend claims about the latest iPad's 4G capabilities.
The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet's activity, according to security software vendor Symantec. The attackers behind the Flashback malware -- which at one point had infected as many as 700,000 Apple Macs worldwide -- essentially were stealing advertising revenue from Google by redirecting clicks from users of infected systems, members of Symantec’s Security Response group said in a post on the company’s blog.
3
8
2
By: Jeffrey Burt 2012-05-01
There are 0 user comments on this IT Security & Network Security News & Reviews story.
The cyber-criminals behind the botnet stole ad revenue from Google by redirecting clicks from infected Apple Mac systems, according to Symantec researchers.
The cyber-criminals running the notorious Mac Flashback malware were bringing in as much as $10,000 a day during the height of the botnet's activity, according to security software vendor Symantec.
The attackers behind the Flashback malware—which at one point had infected as many as 700,000 Apple Macs worldwide—essentially were stealing advertising revenue from Google by redirecting clicks from users of infected systems, members of Symantec’s Security Response group said in an April 30 post on the company’s blog. The ad revenue for those clicks went to the cyber-criminals, not Google, Symantec said.
“The Flashback ad-clicking component is loaded into Chrome, Firefox and Safari where it can intercept all GET and POST requests from the browser,” the company said in the blog post. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker's choosing, where they receive revenue from the click. (Google never receives the intended ad click.)”
“The ad click component parses out requests resulting from an ad click on Google Search and determines if it is on a whitelist. If not, it forwards the request to the malicious server.”
The Flashback malware started off last fall as a Trojan horse masquerading as an update to Adobe Flash. It morphed into a drive-by exploit that infected unprotected systems that visited a compromised or malicious Website.
The exploit leveraged a flaw in Java that Oracle in February had patched in Windows PCs and other systems, but that Apple didn’t address until issuing a patch in early April. By that time, more than 600,000 Macs—more than 1 percent in use globally—had become infected, and a botnet of that size could have netted the Flashback operators as much as $10,000 a day, according to Symantec.
Symantec researchers reverse-engineered the OSX.Flashback.K variant to see how the malware operated, according to the company. If a user of an unpatched Mac visited a compromised Website, the browser would be redirected to an exploit site hosting various Java exploits, and the initial Flashback component would be installed onto the system. That component would then download a loader and an ad-clicking component, Symantec said.
“Not much detail has been said about the ad-clicking component, so we will reveal the true motivation behind the malware: the end goal of this Trojan is revenue generation,” the Symantec Security Response team wrote.
The researchers ran a search for “toys” on an infected system. After doing so, they said that they could “clearly see a value of 0.8 cents for the click and the redirection URL highlighted in red. This redirected URL is subsequently written into the browser so that the user is now directed to the new site, in effect hijacking the ad click Google should have received. … This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang.”
Apple officials have been criticized for their slow response to the Flashback malware—particularly rolling out a patch for the Java vulnerability two months after Oracle had issued one—and the Symantec researchers again noted that in their blog post.
“Unfortunately for Mac users, there was a large window of exposure since Apple’s patch for this vulnerability was not available for six weeks,” they wrote. “This window of opportunity helped the Flashback Trojan to infect Macs on a large scale. The Flashback authors took advantage of the gap between Oracle and Apple's patches by exploiting vulnerable Websites using Wordpress and Joomla to add malicious code snippets.
Since the extent of the Mac infections was reported in early April, a host of security software vendors and Apple itself have launched tools designed to detect and remove the Flashback malware from Macs. However, there has been some disagreement over how strong the exploit still is. Symantec officials reported in mid-April that the number of infected Macs had dropped to 140,000, while Kaspersky Lab researchers estimated the number was about 30,000.
However, Russian antivirus firm Dr. Web, which first reported the extent of the Flashback infections, said April 20 that the number of infected Macs was still at more than 650,000, and after hearing how the company came up with its figures, Symantec officials agreed, as did Mac security software vendor Intego.
3
8
2
Click here to find out more!
Post a new comment Login
Post 0 Comments
>>> More IT Security & Network Security News & Reviews Articles >>> More By Jeffrey Burt
Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article
Jurors began deliberating about whether Google Inc violated Oracle Corp's copyright on parts of the Java programming language, part of a high stakes trial over smartphone technology with more than $1 billion in play. Oracle is suing Google in federal court, claiming the search engine giant's Android mobile platform violated its patents and copyright to Java, and is seeking roughly $1 billion in copyright damages.
The number of malicious cyber attacks jumped 81 percent in 2011, according to new data from Symantec, with the firm noting a huge leap in mobile breaches, particularly on the Android OS. Social networks, meanwhile, are the new frontier for cyber scammers as they move on from spam, which decreased by 20 percent last year.
Organizations taking part in the most ambitious expansion of the Internet so far will find out next week whether their applications for new domain names could have been viewed by competitors as a result of a software bug. "We're very apologetic for the inconvenience to any applicants," ICANN chief executive Rod Beckstrom told Reuters.
Apple and Microsoft will be among technology companies asked to explain to Parliament why Australians pay much more for music and game downloads from iTunes, for example, than overseas customers. Federal Labor politicians are hoping the publicity generated by calling the companies to account for their pricing policies will result in prices dropping.
File-sharing site The Pirate Bay must be blocked by UK internet service providers, the High Court has ruled. The Swedish website hosts links to download mostly-pirated free music and video.
Apple’s headquarters are in Cupertino, Calif. By putting an office in Reno, just 200 miles away, to collect and invest the company’s profits, Apple sidesteps state income taxes on some of those gains. California’s corporate tax rate is 8.84 percent. Nevada’s? Zero.
Google has released the full report of the Federal Communications Commission’s investigation into the data it collected and stored from millions of unknowing households across the nation while operating specially equipped cars for its Street View service. The search giant released the report, which had had heavily redacted passages, after wrangling with the FCC over which details could be publicly revealed.
Amazon.com and Texas Comptroller Susan Combs said that the online retailer will begin to collect Texas sales taxes beginning July 1, in an agreement that Combs said "resolves all sales tax issues between Texas and Amazon." Amazon said it will create at least 2,500 jobs in Texas and make at least $200 million in capital investment.
Yahoo Inc. returned legal fire against Facebook Inc. in the companies' ongoing patent dispute, calling Facebook's recent countersuit slapdash and asserting two new patents against its younger peer. Yahoo sued Facebook last month, alleging the social site infringed 10 of its patents related to online communication, advertising and privacy features.
A Colorado man says Apple’s smart cover for the new iPad and the iPad 2 violate his 2005 patent for a “Portable Computer Case.” Aspen resident Jerald Bovino filed a lawsuit in federal court asking Apple and retailer Target to pay royalties for using his technology.
The chairman of a key House Judiciary subcommittee warned the group that runs the Internet's domain name system that if it doesn't get the roll out of its new domain name program right, some countries may use it as an excuse to seek more regulation of the Internet. Rep. Bob Goodlatte, R-Va., voiced concern about some of the problems the Internet Corporation for Assigned Names and Numbers is having with the database it is using to accept applications from those seeking to apply to run a new top-level domain name.
The House of Representatives passed a controversial cybersecurity bill that would allow private companies to exchange confidential information with the federal government. The Cyber Intelligence Sharing and Protection Act (CISPA), which is designed to defend U.S. networks against cyber attack, passed the House 248-162.
The European data protection supervisor, Peter Hustinx, urged technology companies to “innovate” in the area of consumer privacy, saying that lawmakers on the continent would press ahead on a contentious proposed law that would, in part, compel companies to pare down the personal data kept in their digital vaults. “It really is based on the idea that when there is not good enough reason to keep the data, it should be deleted,” Mr. Hustinx told a conference on digital privacy, sponsored by the Berkeley Center for Law and Technology, which is part of the University of California at Berkeley School of Law.
Google is firing back at the Federal Communications Commission on an investigation that led to a $25,000 fine against the Internet search leader. In a letter, Google Inc. disputed the reason for the fine.
VMware acknowledged that hackers obtained access to some of its source code and posted it online, but the firm downplayed the impact of the breach. In a statement, Iain Mulholland, director of VMware's Security Response Center, said his firm's security team became aware of the posting and said there is "the possibility that more files may be posted in the future."
The Federal Trade Commission said it has hired an outside litigator to take charge of an antitrust investigation of Google, a sign that the agency has moved beyond the preliminary stage of its inquiry and was preparing to go to court. Beth Wilkinson, a former Justice Department prosecutor who played a lead role in the conviction of the Oklahoma City bomber Timothy McVeigh, will take over the Google investigation, FTC Chairman Jon Leibowitz said in a meeting with reporters.
China has stepped up its campaign to clamp down on the Internet, which has emerged as a virtual town square for exchanging information about the Bo Xilai scandal and the nation's biggest political upheaval in years. The popular Twitter-like microblogging service Sina Weibo on Tuesday deleted the accounts of several users, including that of Li Delin, a senior editor of the Chinese business magazine Capital Week, whose March 19 post helped fuel rumors of a coup in Beijing.
About : Legal Services | Doug Isenberg | Cases & Clients | Firm News
Resources : YouTube Channel | Daily News | Blog | Masterclass | Domain Dispute Digest
The GigaLaw Firm helps companies of all sizes protect their brands online, using domain name dispute policies – such as the Uniform Domain Name Dispute Resolution Policy (UDRP) – and other legal tools available to copyright and trademark owners on the Internet.