A year to the week after a newer, more virulent version of the Flashback trojan was found to have infected more than 500,000 Mac computers, investigative reporter Brian Krebs has identified a young Russian man who has taken credit as the mastermind behind the malware.
Flashback.K, as that version was known, was a breakthrough because it was among the first pieces of mainstream malware to hijack Macs even when users didn't enter an administrative password. Rather than trick users into installing what appeared to be an update to the Adobe Flash program—as previous Flashback versions did—this new release exploited a security bug in Apple's version of the Java software framework. Users who had it installed and visited booby-trapped websites were infected with no warning. Even after Apple released software to remove Flashback, the malware was still able to thrive in the following weeks, expanding its infection base to 650,000 machines. Over the past two or three months, more than 38,000 machines remained infected, according to a researcher at antivirus provider Kaspersky Lab.
Until now, there have been no public clues about the identity of the evil genius who was responsible for Flashback. Researchers knew the malware was able to earn as much as $10,000 per day by redirecting Google search results to third-party advertisers. Acting on this knowledge, Krebs began scouring the underground forums on BlackSEO.com, a site frequented by blackhat experts in search engine optimization.