• “Fireball” Malware – a Browser Hijacker / Malware Downloader

    #119226

    FIREBALL – The Chinese Malware of 250 Million Computers Infected
    By Check Point | June 1, 2017

    A recently discovered high-volume Chinese threat operation has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability to run any code on victim computers (downloading any file or malware), and hijacking and manipulating infected users’ web traffic to generate ad revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.

    KEY FINDINGS
    – Check Point analysts uncovered a high volume Chinese threat operation which has infected over 250 million computers worldwide, and 20% of corporate networks.
    – The malware, called Fireball, acts as a browser hijacker but can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
    – Fireball is spread mostly via bundling, i.e., installed on victim machines alongside a wanted program, often without the user’s consent.

    It’s important to remember that when a user installs freeware, additional malware isn’t necessarily dropped at the same time. If you download a suspicious freeware and nothing happens on the spot, it doesn’t necessarily mean that something isn’t happening behind the scenes…
    As with everything on the internet, remember that there are no free lunches. When you download freeware, or use cost-free services (streaming and downloads, for example), the service provider is making a profit somehow. If it’s not from you or from advertisements, it will come from somewhere else.

    Read CheckPoint.com’s full blogpost here. “HOW DO I REMOVE THE MALWARE, ONCE INFECTED?” is at the bottom of that linked page.

    @gborn has published a blogpost on Fireball, well worth reading on borncity.com

    • #119712

      From blog.kaspersky.com:

      Fireball: Adware with Potential Nuclear Consequences

       
      Advertising can sometimes be annoying — and sometimes it can be malicious. Businesses that make their money selling advertisements sometimes go too far trying to make sure you see their ads. Recently researchers found that one such business — a big digital-marketing agency — went as far as installing adware on 250 million computers running Windows and macOS all over the world.

      What’s even worse, this adware is capable of turning into full-fledged malware that can divert users to malicious sites and drop malware on their computers. And no one seemed to notice it — until now.

      Fireball’s ability to download and install browser extensions and execute code on an infected device makes it a perfect backdoor — one that can be used, well, in a lot of different ways: mostly for dropping bad stuff onto your computer to harvest critical information or infect your device with various kinds of malware.

       
      Read the full article here

    • #121699

      Fireball threat ‘overblown,’ says Microsoft
      by Greg Masters | June 22, 2017

       
      Claiming that it’s got the Fireball malware threat under control, Microsoft is asserting on a company blog that the “reported magnitude of its reach might have been overblown.”

      While acknowledging that the threat from the various malware grouped under the Fireball banner is real, the company said it has been keeping tabs on the scourge since 2015 and has issued protections and defenses against it.

       
      The scmagazine.com article references a Microsoft blogpost.
