A strain of Chinese browser-hijacking malware dubbed ‘Fireball’ has infected 250 million computers.
Originating in China, the “Fireball” malware package is present on 20% of corporate networks, with major infection centres in India, Brazil, and Mexico.
The security firm Check Point calls it “possibly the largest infection operation in history.”
The malware takes over web browsers and turns them into zombies. It is capable of executing any code on the infected machines, resulting in a wide range of actions from stealing credentials to dropping additional software nasties.
The malevolent software appears to be mainly intended to generate fake clicks and traffic for its creator, a Beijing advertising firm called Rafotech. When installed, the software redirects a user’s browser to websites that mimic the look of the Google or Yahoo search homepages. The fake pages surreptitiously gather private information on the user using so-called tracking pixels.
Fireball also has the ability to execute commands remotely—including downloading further malicious software. Fireball’s creators (or third-party hackers who find a way to take control) could theoretically transition from ad-scamming to selling harvested data, or even harness infected machines into a globe-spanning botnet of immense destructive power.
The Fireball package is mostly inserted surreptitiously into free software downloads and installed without the user’s knowledge. Software found to contain the Fireball package includes Soso Desktop and FVP Imageviewer.
The main sign of a Fireball infection is being redirected to a new homepage.
The primary way to prevent such infections is to be very careful when agreeing to install software.
One should always pay attention when installing software, as software installers usually include optional installs. Opt for custom installation and then de-select anything that is unnecessary or unfamiliar.