With ransomware news reaching a fever pitch after last month’s WannaCry attack, this month has brought a new threat that is gripping the infosec world: malware named 'Fireball' that has, according to most estimates, infected close to 250 million computers around the world.
Fireball is Hijackware
The Fireball malware functions as a 'browser hijacker' or 'hijackware', a type of malware that, when downloaded, takes control of and modifies a user's web browser. In this particular instance, Fireball is focused on adware: when downloaded and executed, it redirects browser traffic on the infected machine in order to generate ad revenue. According to CYBONET technology partner Check Point Technologies, that revenue goes to a Chinese digital marketing agency named Rafotech.
Today, Fireball is functioning in a highly controversial gray zone of legality by focusing its energies exclusively on adware and, in doing so, escaping the official label of malware. As Check Point noted in their recent analysis, “Many companies provide software or services for free, and make their profits by harvesting data or presenting advertisements. Once a client agrees to the install of extra features or software to his/her computer, it is hard to claim malicious intent on behalf of the provider.”
Fireball has spread quickly, with an infection rate that is as geographically expansive as it is high. According to researchers, of the 250 million computers infected, 20% of them are corporate networks. Infections by country include:
- 25.3 million infections in India (10.1%)
- 24.1 million in Brazil (9.6%)
- 16.1 million in Mexico (6.4%)
- 13.1 million in Indonesia (5.2%)
- 5.5 million in the US (2.2%)
Removal and Prevention
For the near term at least, the positive aspect of this particular outbreak is that, in addition to its narrow adware focus, removal of Fireball is generally straightforward:
- On Windows machines, the malware can be located by identifying the application in the Programs and Features list in the Windows Control Panel
- Mac users can locate it with Finder, in the Applications folder
- Removing any extensions and add-ons listed in the browser settings of the infected computer is also critical
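The extension review in the last step can be scripted. The following is an added example, not code from Check Point or CYBONET: it reads the manifest of every extension in a Chrome profile's Extensions folder and marks those that declare an override of the home page, default search, startup pages or new-tab page, which are the settings a browser hijacker changes. It assumes Chrome's on-disk layout and manifest keys; the extension IDs and names in the sample data are constructed and are not Fireball indicators.

```python
import json
import tempfile
from pathlib import Path

def hijack_capabilities(manifest):
    """List the browser settings this manifest says the extension overrides."""
    overrides = manifest.get("chrome_settings_overrides") or {}
    caps = [k for k in ("homepage", "search_provider", "startup_pages") if k in overrides]
    if "newtab" in (manifest.get("chrome_url_overrides") or {}):
        caps.append("newtab")
    return caps

def audit_extensions(extensions_dir):
    """Return (id, name, capabilities) per <id>/<version>/manifest.json found."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            # Unreadable manifests are reported too: they need a manual look.
            findings.append((ext_id, "<unreadable manifest>", ["unparsed"]))
            continue
        findings.append((ext_id, manifest.get("name", "?"), hijack_capabilities(manifest)))
    return findings

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions, not Fireball artifacts."""
    samples = {
        "a" * 32: {"name": "Sample Notes", "version": "1.0"},
        "b" * 32: {
            "name": "Sample Search Helper", "version": "2.3",
            "chrome_settings_overrides": {"homepage": "https://search.example/",
                                          "search_provider": {"name": "Example"}},
            "chrome_url_overrides": {"newtab": "tab.html"},
        },
    }
    for ext_id, manifest in samples.items():
        target = Path(root) / ext_id / (manifest["version"] + "_0")
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_extensions(build_sample_profile(tmp)))
```

An empty capability list means the extension declares no such override; any entry with a non-empty list should be checked against what the user knowingly installed before it is removed.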
Prevention, as with all information security, boils down as much to education as anything else. Typically, Fireball is bundled with perfectly legitimate free software that users download without reservation on a daily basis. Encourage users to carefully review the optional installs that so often accompany free software downloads and to exercise caution when agreeing to any downloads online.
Prevention, Education and the Importance of Detection
With the rise of these global infections, CYBONET recognizes that 100% prevention against all the various advanced threats is not attainable. Successful campaigns like the recent ransomware attacks and Fireball’s current proliferation overwhelmingly succeed due to unknowing user error, effective deception or lack of education. With the continuing evolution and scale of these threats, organizations' vulnerabilities can be exposed by even seemingly unsophisticated attacks that successfully deceive an unknowing user.