
posted by martyb on Friday June 02 2017, @02:41PM
from the how-to-be-a-top-1000-web-site dept.

Submitted via IRC for TheMightyBuzzard

Check Point Threat Intelligence and research teams recently discovered a high-volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability to run any code on victim computers (downloading any file or malware), and hijacking and manipulating infected users' web traffic to generate ad revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but it can just as easily turn into a prominent distributor for any additional malware.

This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home pages into fake search engines. These redirect the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines; this creates a massive security flaw in targeted machines and networks.

[...] According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).

Based on Check Point's global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

Source: http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/

  • (Score: 1, Interesting) by Anonymous Coward on Friday June 02 2017, @02:58PM (5 children)

    by Anonymous Coward on Friday June 02 2017, @02:58PM (#519382)

    Based on Check Point's global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

    Sooo, windows then?

    In all seriousness: these are huge numbers and if I remember Mr. Sagan: Extraordinary claims require extraordinary evidence. I've never heard of these checkpoint people. I'm not saying that I don't believe them, I'm saying I don't believe them yet.

    • (Score: 0) by Anonymous Coward on Friday June 02 2017, @03:44PM

      by Anonymous Coward on Friday June 02 2017, @03:44PM (#519411)

      Considering that this is a number that's orders of magnitude larger than what the Storm botnet managed to pull off at its peak, skepticism is warranted.

    • (Score: 3, Insightful) by Grishnakh on Friday June 02 2017, @04:45PM

      by Grishnakh (2831) on Friday June 02 2017, @04:45PM (#519432)

      Why the skepticism? How can you disbelieve this upstanding company that says there's a huge infection going around and you just need to purchase their product to avoid disaster? How can there be any question that they're being completely honest?

    • (Score: 2) by kaszz on Friday June 02 2017, @05:51PM (2 children)

      by kaszz (4211) on Friday June 02 2017, @05:51PM (#519471) Journal

      From the article:

      Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.

      For Mac OS users: /../ Use the Finder to locate the Applications

      Not so obvious. Like they PRESUME all people are Microsoft groupies.

      So it's a malware in two versions. For Microsoft Windows and Apple Mac OS.
      Which proves the point that those software ecosystems should be avoided.

      • (Score: 2) by frojack on Friday June 02 2017, @07:43PM (1 child)

        by frojack (1554) on Friday June 02 2017, @07:43PM (#519541) Journal

        It's also so vague on the actual effects or detection of this Fearsome Fireball that it's hard to know just WHAT users are supposed to remove.
        TFA is a masterpiece of uninformative reporting. Does it ever get around to one clear example?

        One could almost make the case that Fireball is actually Windows 10, since the global install base [theverge.com] is roughly the same size.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by kaszz on Friday June 02 2017, @08:08PM

          by kaszz (4211) on Friday June 02 2017, @08:08PM (#519554) Journal

          As for detection:

          HOW CAN I KNOW IF I AM INFECTED?
          To check if you’re infected, first open your web browser. Was your home-page set by you? Are you able to modify it? Are you familiar with your default search engine and can modify that as well? Do you remember installing all of your browser extensions?

          And seeing any of these addresses in outgoing traffic is likely a direct indicator of foul play.

          C&C addresses

                  attirerpage.com
                  s2s.rafotech.com
                  trotux.com
                  startpageing123.com
                  funcionapage.com
                  universalsearches.com
                  thewebanswers.com
                  nicesearches.com
                  youndoo.com
                  giqepofa.com
                  mustang-browser.com
                  forestbrowser.com
                  luckysearch123.com
                  ooxxsearch.com
                  search2000s.com
                  walasearch.com
                  hohosearch.com
                  yessearches.com
                  d3l4qa0kmel7is.cloudfront.net
                  d5ou3dytze6uf.cloudfront.net
                  d1vh0xkmncek4z.cloudfront.net
                  d26r15y2ken1t9.cloudfront.net
                  d11eq81k50lwgi.cloudfront.net
                  ddyv8sl7ewq1w.cloudfront.net
                  d3i1asoswufp5k.cloudfront.net
                  dc44qjwal3p07.cloudfront.net
                  dv2m1uumnsgtu.cloudfront.net
                  d1mxvenloqrqmu.cloudfront.net
                  dfrs12kz9qye2.cloudfront.net
                  dgkytklfjrqkb.cloudfront.net
                  dgkytklfjrqkb.cloudfront.net/main/trmz.exe

          But your point is straight on. The whole article reads just like a sales brief. Just puff and fluff but clinically clean of substance. It's probably easier to put up a honeypot and wait for any of these addresses to show up and then investigate the machine to find out some hard facts.
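As an added example (not from Check Point's post and not posted by any commenter here): a small Python matcher that runs the C&C indicators listed above over DNS-query and proxy log lines, which is the "look for these addresses in outgoing traffic" check the comment describes. Two details a naive grep gets wrong are handled: the cloudfront.net entries are specific distribution hostnames on a shared CDN, so only those exact hosts should match (not cloudfront.net as a whole), and the last entry is a URL (host plus path), not a hostname. The log formats, client addresses and the decoy hostnames in the sample are constructed for illustration; the indicator list is a representative subset of the one quoted above and the rest can be pasted in unchanged.

```python
"""Match Fireball C&C indicators against DNS-query and proxy log lines.

Added example, not part of the Check Point write-up or of any comment on
this page. Log formats and sample lines are constructed for illustration.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Subset of the indicator list quoted above; the full list drops in as-is.
# Note the mix: bare domains, exact CDN hostnames, and one host+path URL.
FIREBALL_IOCS = [
    "trotux.com",
    "s2s.rafotech.com",
    "startpageing123.com",
    "hohosearch.com",
    "yessearches.com",
    "d3l4qa0kmel7is.cloudfront.net",
    "dgkytklfjrqkb.cloudfront.net",
    "dgkytklfjrqkb.cloudfront.net/main/trmz.exe",
]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client: str
    observed: str   # host or host+path seen in the log
    indicator: str  # the IOC entry it matched
    kind: str       # "domain" (suffix match), "host" (exact) or "url"


def split_iocs(iocs):
    """Sort indicators into suffix-matched domains, exact hosts and URL paths."""
    domains, exact_hosts, url_paths = set(), set(), set()
    for ioc in iocs:
        ioc = ioc.strip().lower()
        if "/" in ioc:
            host, _, path = ioc.partition("/")
            url_paths.add((host, "/" + path))
        elif ioc.endswith(".cloudfront.net"):
            # Shared CDN: only the listed distribution hostnames are bad,
            # never cloudfront.net or other tenants' distributions.
            exact_hosts.add(ioc)
        else:
            domains.add(ioc)
    return domains, exact_hosts, url_paths


def host_matches(host, domains, exact_hosts):
    """Return the matching indicator for a hostname, or None.

    Domain IOCs match the host itself and any subdomain, on label
    boundaries (so notrotux.com does not match trotux.com)."""
    host = host.lower().rstrip(".")
    if host in exact_hosts:
        return host
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never collapse down to the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_log(lines, iocs=FIREBALL_IOCS):
    """Scan constructed-format log lines and return Findings in log order."""
    domains, exact_hosts, url_paths = split_iocs(iocs)
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client = fields[0], fields[1]
        if fields[2] == "query":
            # DNS query log (constructed): <ts> <client> query <qtype> <qname>
            host, path = fields[4], ""
        elif fields[2] in ("GET", "POST", "CONNECT"):
            # Proxy log (constructed): <ts> <client> <method> <url|host:port> <status>
            url = fields[3]
            parts = urlsplit(url if "://" in url else "//" + url)
            host, path = parts.hostname or "", parts.path
        else:
            continue
        host = host.lower().rstrip(".")
        if path and (host, path) in url_paths:
            findings.append(Finding(ts, client, host + path, host + path, "url"))
            continue  # the URL hit already covers the host
        hit = host_matches(host, domains, exact_hosts)
        if hit:
            kind = "host" if hit in exact_hosts else "domain"
            findings.append(Finding(ts, client, host, hit, kind))
    return findings


# Constructed sample: three true hits, three lines that must not match.
SAMPLE_LOG = [
    "2017-06-02T14:10:03Z 10.0.0.15 query A www.trotux.com",
    "2017-06-02T14:10:04Z 10.0.0.15 GET http://dgkytklfjrqkb.cloudfront.net/main/trmz.exe 200",
    "2017-06-02T14:10:05Z 10.0.0.22 query A d1abcdefghijk.cloudfront.net",
    "2017-06-02T14:10:06Z 10.0.0.22 CONNECT s2s.rafotech.com:443 200",
    "2017-06-02T14:10:07Z 10.0.0.31 query AAAA notrotux.com",
    "2017-06-02T14:10:08Z 10.0.0.31 GET https://www.google.com/search?q=fireball 200",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} -> {f.observed} matches {f.indicator} ({f.kind})")
```

Run as-is it reports the trotux.com lookup, the trmz.exe download and the CONNECT to s2s.rafotech.com, and stays silent on the other CDN tenant and on notrotux.com. A hit on a hostname from the first group is only evidence of the hijacked search/home page; a hit on the trmz.exe URL is the download path for the dropper the article mentions and is the one to prioritise.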

  • (Score: 0) by Anonymous Coward on Friday June 02 2017, @02:58PM

    by Anonymous Coward on Friday June 02 2017, @02:58PM (#519383)

    ...just a way to disguise the off taste of an inferior spirit?

  • (Score: 0) by Anonymous Coward on Friday June 02 2017, @03:03PM (2 children)

    by Anonymous Coward on Friday June 02 2017, @03:03PM (#519387)

    To late. My ISP already did that.

    • (Score: 1, Funny) by Anonymous Coward on Friday June 02 2017, @03:14PM

      by Anonymous Coward on Friday June 02 2017, @03:14PM (#519395)

      Ha ha ha, I'd like to see them try...

      Lynx/2.8.8dev.3 libwww-FM/2.14 SSL-MM/1.4.1

    • (Score: 2) by c0lo on Friday June 02 2017, @03:39PM

      by c0lo (156) Subscriber Badge on Friday June 02 2017, @03:39PM (#519409) Journal

      To latte.

      FTFY. As in "to latte or not to latte"

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 3, Interesting) by MichaelDavidCrawford on Friday June 02 2017, @03:05PM (1 child)

    Twice now I've seen gigs posted on the job boards, seeking someone who will set the browser's homepage while preventing it from being set for anything else.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 3, Insightful) by LoRdTAW on Friday June 02 2017, @05:22PM

      by LoRdTAW (3755) on Friday June 02 2017, @05:22PM (#519456) Journal

      That's the fault of the web browser for allowing a web page to send it commands. There should be ZERO control outside of page rendering. But no. We need all these hooks to allow stupid shit like webcams accessible from your fucking web browser. GREAT idea. Hardware access from the browser. Then we have people clamoring for native clients so you can play call of doody in one tab while surfing for asian porn on the other with ten pop ups and no idea what the fuck is happening under all that sloppy code. Because the browser makes everything so easily portable. We're moving into a hellish future where userspace is a fucking web browser.

      The web is an awful scene full of awful code driven by greed.

  • (Score: 2, Informative) by shanec on Friday June 02 2017, @07:25PM (2 children)

    by shanec (2928) on Friday June 02 2017, @07:25PM (#519526) Homepage

    It's not like CheckPoint didn't discover new variants of WannaCry (http://www.reuters.com/article/us-cyber-attack-virus-idUSKCN18B2IT [reuters.com]) just a few days ago. Or the sub-title attack before that (http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ [checkpoint.com])? And it's not like they haven't made headlines time, and time again pointing out new viruses, and malware spreading across the net. (Not to mention their respectable firewall appliances)

    CheckPoint's past history allows them a little variance in the "Prove It" category.

    Just because you're stupid, doesn't mean the rest of the world is ignorant.

    • (Score: 2) by frojack on Friday June 02 2017, @07:49PM

      by frojack (1554) on Friday June 02 2017, @07:49PM (#519545) Journal

      And just because Checkpoint cries wolf about movie subtitles doesn't mean there is any actual threat.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Saturday June 03 2017, @05:33PM

      by Anonymous Coward on Saturday June 03 2017, @05:33PM (#519921)

      some people don't pay attention to stupid windows shit, you dumb ass. their/your whole computing world is a sad joke.
