
SoylentNews is people

posted by martyb on Friday June 02 2017, @02:41PM
from the how-to-be-a-top-1000-web-site dept.

Submitted via IRC for TheMightyBuzzard

Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers–downloading any file or malware, and hijacking and manipulating infected users' web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.

This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines; this creates a massive security flaw in targeted machines and networks.

[...] According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).

Based on Check Point's global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

Source: http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/


  • (Score: 2, Informative) by shanec on Friday June 02 2017, @07:25PM (2 children)


    It's not like CheckPoint didn't discover new variants of WannaCry (http://www.reuters.com/article/us-cyber-attack-virus-idUSKCN18B2IT [reuters.com]) just a few days ago. Or the sub-title attack before that (http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ [checkpoint.com])? And it's not like they haven't made headlines time and time again pointing out new viruses and malware spreading across the net. (Not to mention their respectable firewall appliances.)

    CheckPoint's past history allows them a little variance in the "Prove It" category.

    Just because you're stupid, doesn't mean the rest of the world is ignorant.

  • (Score: 2) by frojack on Friday June 02 2017, @07:49PM


    And just because Checkpoint cries wolf about movie subtitles doesn't mean there is any actual threat.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 0) by Anonymous Coward on Saturday June 03 2017, @05:33PM


    some people don't pay attention to stupid windows shit, you dumb ass. their/your whole computing world is a sad joke.