Some time ago Symantec revealed that the masterminds behind the now-infamous OSX Flashback Trojan made bundles of money. Further analysis, however, has shown that they may have failed to collect as a result of their operations.
Previously, we had learned that the fraudsters made money by displaying ads on compromised computers. The figures show that they’ve displayed 10 million advertisements on the devices of the affected individuals over the course of three weeks.
Of those 10 million, 400,000 were actually clicked on, which normally meant that they would have received $14,000 (10,640 EUR) from the pay-per-click (PPC) providers.
However, according to Symantec, the PPC firms don’t just hand over money to anyone without performing a few checks, this being a perfect example of a situation in which the scammers failed to bypass the anti-fraud measures.
Firms that offer PPC services are more than happy to pay up if users actually see their ads, but in click fraud cases such as this one, the victims may not see the ads, and they’re certainly not interested in the content that's being displayed because in most cases it’s irrelevant.
Furthermore, the cybercrooks may have analyzed each PPC provider to see which one suits their needs, since 98% of the adverts originate from the same organization.
While it’s estimated that a total of 600,000 machines have been infected with Flashback, in reality only 2% (around 10,000) of them were compromised to serve the final payload, the one that actually earned money.
As the researchers highlighted, the campaign was a success, but it could have been even more so, a situation in which the fraudsters could have made millions of dollars in a year.
Fortunately, they failed to collect, which may discourage others from launching such campaigns. On the other hand, the failure may make them more determined to try harder next time.