Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Fireball Malware Infects 20% of Corporate Networks Worldwide
#1
https://www.infosecurity-magazine.com/ne...corporate/    1 JUN 2017 NEWS
Fireball Malware Infects 20% of Corporate Networks Worldwide
Tara Seals
Tara Seals US/North America News Reporter, Infosecurity Magazine
Email Tara
A browser-hijacker called Fireball has ignited concern, having already infected more than 250 million computers worldwide, and 20% of corporate networks globally. 

According to Check Point, it takes over target web browsers, turning them into zombies. However, Fireball also can be turned into a fully functioning malware downloader, and is capable of executing any code on the victim machines. That means it can carry out a wide range of actions, including stealing credentials and loading ransomware.

For now, it seems focused on adware. Fireball manipulates victims’ browsers and turns their default search engines and home pages into fake search engines, which simply redirect the queries to either yahoo.com or Google.com to generate ad revenue. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000.

Fireball also installs plug-ins and additional configurations to boost its advertisement activity.

“It’s run by a Chinese digital marketing agency, called Rafotech,” Check Point noted in an analysis. “Rafotech carefully walks along the edge of legitimacy, knowing that adware distribution is not considered a crime like malware distribution is. Many companies provide software or services for free, and make their profits by harvesting data or presenting advertisements. Once a client agrees to the install of extra features or software to his/her computer, it is hard to claim malicious intent on behalf of the provider.”

Fireball is spread mostly via bundling, i.e., it’s installed on victims’ machines alongside a program the user wants to download, but without the users’ consent.

In addition to the ad fraud aspect of things and the malware-downloading capability, Fireball contains another threat: The fake search engines include tracking pixels used to collect the users’ private information, so Fireball can also spy on victims.

Fireball has turned out to be virulent, with an enormous infection rate. The biggest proportion of infections are in India, Brazil and Mexico, and there are more than 5.5 million in the US. Based on Check Point’s global sensors, the percentages of affected corporate networks are even higher:  Hit rates in the US (10.7%) and China (4.7%) are alarming, and even more so in Indonesia (60%), India (43%) and Brazil (38%).

The good news is that Fireball can be removed from PCs by uninstalling the adware using Programs and Features list in the Windows Control Panel, or using the Mac Finder function in the Applications folder on Macs.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Password recovery tool infects industrial systems with Sality malware tarekma7 0 614 07-17-2022 , 09:32 AM
Last Post: tarekma7
  BIOPASS RAT Infects Chinese Gambling Sites mrtrout 0 592 07-13-2021 , 07:08 AM
Last Post: mrtrout
  Zero-day flaws in virtual event platforms provide access to personal, corporate data Bjyda 0 5,069 02-24-2021 , 11:49 PM
Last Post: Bjyda
  NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks Bjyda 0 3,676 01-26-2021 , 11:51 PM
Last Post: Bjyda
  Hundreds of Networks Still Host Devices Infected With VPNFilter Malware mrtrout 0 913 01-20-2021 , 04:10 PM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)