Over 250 million computers worldwide are estimated to be infected by a new malware called Fireball.
Fireball takes over browsers and uses them to boost its advertisements. It does this by changing the browser’s default search engine to fake search engines that use Google or Yahoo in the background but include tracking techniques that allow the creators of Fireball to track the searches performed by its victims.
The bigger threat
But Fireball is especially troubling because it’s more than your typical malware. In addition to taking over browsers, it also has the ability to run any code on its infected computers. It can even download new files if necessary to carry out its mission.
So in addition to hijacking browsers, it has the ability to install additional malicious software like other viruses, malware, trojans, or ransomware.
Because it can download and execute new code, Fireball could be used by its creators to install rootkits, key loggers, and other dangerous software. It could even be used to steal information like usernames, passwords, bank accounts, credit cards, social security numbers, and other sensitive data and pass it back to Fireball’s creators for identity theft or sale on the black market.
It doesn’t appear that Fireball is currently doing more than just browser hijacking, but the potential is there. Since the ability to run new code in the future was built into Fireball on purpose, one can only speculate that its creators intended to eventually use that capability.
A security firm called Check Point identified the Fireball infections and traced the origin back to a Beijing, China-based digital marketing company called Rafotech.
Check Point also discovered that Fireball is spread mostly by secretly bundling it in with other software that people want. By hiding it inside a software program that people are intentionally downloading and installing, its distributors are able to slip it past most firewalls and anti-virus software.
Check Point estimated that only 5.5 million of the 250 million total infected computers are in the United States.
It’s good news that Fireball hasn’t infected as many computers in the United States as it has elsewhere, but it’s still a serious threat.
How to protect against Fireball
Avoid downloading or installing software unless you’re positive it’s safe. The best way to ensure the software you want is safe is to make sure it’s coming from a reputable source.
Apps sold through the Microsoft Store, Google Play Store, or Apple App Store go through a vetting process that can help to weed out malicious software like Fireball.
Follow good security practices
In addition to using caution when downloading or installing software, it’s always a good idea to follow good security practices, such as:
- Stay up to date on all Microsoft and third-party patches
- Install and run high-quality anti-virus software
- Secure your network with a business-class firewall
- Tighten your firewall configuration (the standard config is too weak)
- Limit user permissions on your computers to the bare minimum needed
- Have great backups (you never know when you might need them)
What if you think you have a Fireball infection?
Even though Fireball doesn’t currently try to spread itself the way that computer viruses do, it’s still best to immediately shut down any computers you think might be infected and have them checked by an IT expert. They can determine whether you are infected with Fireball and remove the infection if you are.
– Weston Henry
Do you feel safe against Fireball?
If the creators of Fireball have been identified, should there be consequences for them creating a hack like this against millions of computers?
What else can be done to defend against Fireball?