Fireball Malware Infects 250 Million Computers

posted by martyb on Friday June 02, @02:41PM
MrPlow writes:

Submitted via IRC for TheMightyBuzzard

Check Point Threat Intelligence and research teams recently discovered a high-volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers – downloading any file or malware, and hijacking and manipulating infected users' web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.

This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines; this creates a massive security flaw in targeted machines and networks.

[...] According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).

Based on Check Point's global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

Source: http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/

  • (Score: 1, Interesting) by Anonymous Coward on Friday June 02, @02:58PM

    Based on Check Point's global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

    Sooo, windows then?

    In all seriousness: these are huge numbers and if I remember Mr. Sagan: Extraordinary claims require extraordinary evidence. I've never heard of these checkpoint people. I'm not saying that I don't believe them, I'm saying I don't believe them yet.

  • (Score: 0) by Anonymous Coward on Friday June 02, @02:58PM

    ...just a way to disguise the off taste of an inferior spirit?

  • (Score: 0) by Anonymous Coward on Friday June 02, @03:03PM (1 child)

    Too late. My ISP already did that.

    • (Score: 0) by Anonymous Coward on Friday June 02, @03:14PM

      Ha ha ha, I'd like to see them try...

      Lynx/2.8.8dev.3 libwww-FM/2.14 SSL-MM/1.4.1

  • (Score: 2) by MichaelDavidCrawford on Friday June 02, @03:05PM

    Twice now I've seen gigs posted on the job boards, seeking someone who will set the browser's homepage while preventing it from being set for anything else.

    we have a ... crazy person (MDC), that regularly posts more coherent and interesting things than do these racist trolls
