"FireBall" Adware massive hits


Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world and hides the capability to do far more serious damage to its victims, it is something more than that.
The security firm Check Point has counted 250 million PCs infected with malicious code it has named Fireball, designed to hijack browsers, change the default search engine, and track their web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. Check Point also found that the malware has the ability to remotely run any code on the victim's machine or download new malicious files. It's potentially serious malware, disguised as something more trivial.
"A quarter-billion computers could very easily become victims of real malware," says Maya Horowitz, the head of Check Point's research team. "It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign."
  • The Hack

Check Point found that at least some portion of the estimated hundreds of millions of computers infected with Fireball contracted the malware via free software that was "bundled" with Rafotech's code. The researchers point to freeware like Soso Desktop and FVP Imageviewer, both of which have been packaged with the adware in some cases. But since none of those free applications is particularly popular or even recognizable to Americans, Check Point's Horowitz admits that the researchers don't know whether other common techniques, like phishing or exploit kits, are also used to install the malware.
Rafotech may monetize the traffic of its infected computers by taking a fee when infected machines visit the website of one of its clients, Check Point speculates. The search engines to which it directs hijacked browsers use tracking pixels that could identify infected machines again when they end up on a destination site. But Check Point says it can't be sure exactly how Rafotech profits from hosting Google and Yahoo search results on obscure sites.
  • Who's Affected?

Check Point arrived at its estimate of 250 million infections by looking at Alexa traffic statistics for those search sites. But the security firm says it's possible it missed some domains, and therefore undercounted. (Rafotech, suspiciously, boasts on its website of a reach of over 300 million users.) Based on analysis of its own network of clients, Check Point estimates that one in five corporate networks globally has at least one infection. But only a fraction of those victims, around 5.5 million PCs, are in the US. Far worse hit are countries like India and Brazil, with close to 25 million infected machines each.
  • How Serious Is This?

Adware is a troubling nuisance. But Check Point warns that Fireball should be judged not by what it's doing but by what it could do: allow its operators to turn their unwitting ad-revenue audience into a botnet, or harvest credentials and other private data en masse.

"Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements," she says. "We don’t know their plan, and if there really is one. But it looks like they want to have the opportunity to take it to the next level. And they can."
