The Chinese malware Fireball has infected over 250 million computers worldwide so far, and its biggest victim is India, followed by Brazil.
According to Check Point Threat Intelligence’s findings, Fireball currently acts as adware, steering the infected computer’s traffic to its website and generating ad revenue.
It works to boost advertising for Rafotech, a Beijing-based digital marketing agency, the security firm alleges. “Although Rafotech doesn’t admit it produces browser-hijackers and fake search engines, it does (proudly) declare itself a successful marketing agency, reaching 300 million users worldwide – coincidentally similar to our number of estimated infections,” Check Point analysts said on their blog.
The malware manipulates the hijacked browser to replace the default search engines with fake ones. According to web traffic data from Alexa, 14 of those fake search engines are among the 10,000 websites receiving the most internet traffic.
More threatening still, Fireball is designed to run any code on the infected computer and to download files. It is therefore capable of spying on users of infected computers and installing more malware. Such cyber spying can lead to theft of banking credentials, patents, and other confidential data.
Fireball is potent enough to wreak havoc, given that it has already infiltrated 20 percent of the world’s corporate networks along with 250 million PCs, according to Check Point data. India accounts for 43 percent of total corporate infections and 10 percent of general infections.
The finding says, “Based on our estimated infection rate, in such a scenario, one out of five corporations worldwide will be susceptible to a major breach.”
The catch is that Fireball, because it acts as adware rather than as overtly malicious malware, carries a legitimate digital certificate. It spreads easily through the popular adware technique called ‘bundling’, in which the malware is secretly packaged with other software and installed on the computer alongside it. Fireball uses two major types of bundling: with other Rafotech products like ‘Deal Wifi’, or with freeware products like ‘FVP Imageviewer’.