We haven’t heard too much about annoying popup ads or malicious adware lately, but there is a story this week to whet our appetites. Researchers at Check Point have found a neat little program that not only pops ads up all over your screen, but also has the potential to be far more dangerous. So far, Check Point estimates that over 250 million computers have been infected with a malicious adware they are calling Fireball. Researchers tracked it back to a company in Beijing.
This neat little morsel will not only hijack your browser and change your search engine, but will also track your browsing and send the results to a digital marketing firm called Rafotech. Admittedly, it may not necessarily have been initially designed to be malicious, but the researchers discovered that it also installs a backdoor into all of the machines it infects that can potentially be used by whomever is behind it to run remote code, download other malicious files, steal information from the device, or make the device part of a botnet.
Adware alone isn’t necessarily malicious, even if it is really bothersome. However, often it can be used for ill intent. Earlier this year, Google Chrome was used as part of a click fraud scheme and at the end of 2016, it was discovered that malware-as-a-service had been created and is being sold as a package which can provide a quick turn-key solution for anyone wanting to get into that business. While they often are used to market products and services en masse, they are also often used for exactly what Fireball has potential to do.
Always have antimalware and antivirus solutions installed on all devices. It should just be automatic to do this whenever a new computer or mobile device is purchased or acquired. Keep it updated at all times and to make it easier on yourself, enable the automatic update features. If you have downloaded this or another “potentially unwanted product” (PUP), use that antivirus product to get rid of it.
Be careful when downloading free products too. Check Point believes that this PUP was bundled with products called Soso Desktop or FVP Imageviewer, among others. These products aren’t particularly popular in the United States, but are well known in other countries and likely this same product is bundled with some type of freebie that is known in the U.S. and other countries. If there is an option to download add-on products included in software you are installing, make sure it’s unchecked to avoid things like downloading unwanted search engines.
Check Point estimates that one in five corporate networks around the world have at least one infection of Fireball. The number of anticipated infections in the U.S. in miniscule (5.5 million), relatively speaking. The bulk of them are in India and Brazil. Those two countries likely have 25 million infections each.
It’s not clear if those behind Fireball are monetizing it possibly by getting paid from clickthroughs or whenever someone visits sites of its customers. But that’s just a side note as to what this malware is about. The search engine uses results from Yahoo and Google, which could somehow contribute to that goal, but it can’t be verified at the moment.
© Copyright 2017 Stickley on Security