“Fireball” Malware Attack Reportedly Enslaved 250 Million Computers

A massive worldwide malware attack called “Fireball” is being reported by experts who estimate it already has infected and taken over 250 million computers.

And it’s growing.

A recent report from Check Point, a security vendor founded in 1993, said the program is run by an online advertising company in China and, among other things, hijacks victims' web traffic and fabricates ad clicks to generate revenue.

“The installed malware … takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers – downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad revenue,” the report said.

The malware also installs plug-ins and other “configurations” to boost ad counts.

“The operation is run by Rafotech, a large digital marketing agency based in Beijing,” the report said.

“Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines. The fake search engines include tracking pixels used to collect the users’ private information.

“Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines …” the report said.
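The browser hijack the report describes leaves traces in the browser's own settings: the homepage, the startup pages and the default search provider all point at the fake search engine. The script below is an added example (not Check Point's or Rafotech's code) that audits a Chromium-style `Preferences` JSON file for exactly those three settings against an allowlist of trusted hosts. The allowlist, the preference key layout and the sample profile are assumptions constructed for this example; the domain `search-example.invalid` is a placeholder, not a real Fireball indicator.

```python
"""Audit a Chromium-style 'Preferences' file for homepage / search hijacking.

Added example, not code from Check Point's report or from Rafotech.
The preference layout ('homepage', 'session.startup_urls',
'default_search_provider_data.template_url_data.url') is assumed here;
the sample profiles below are constructed for this example and the host
'search-example.invalid' is a hypothetical hijacker, not a real indicator.
"""
import json
from urllib.parse import urlparse

# Assumed allowlist: search providers the organisation considers legitimate.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}


def _host(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def audit_preferences(prefs):
    """Return a list of findings describing hijack-like settings in prefs."""
    findings = []

    # 1. Homepage redirected to an untrusted host.
    homepage = prefs.get("homepage", "")
    if homepage and _host(homepage) not in TRUSTED_SEARCH_HOSTS:
        findings.append("homepage points to untrusted host " + _host(homepage))

    # 2. Startup pages forced to an untrusted host.
    for url in prefs.get("session", {}).get("startup_urls", []):
        if _host(url) not in TRUSTED_SEARCH_HOSTS:
            findings.append("startup URL points to untrusted host " + _host(url))

    # 3. Default search provider replaced with an untrusted engine.
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tud.get("url", "")
    if search_url and _host(search_url) not in TRUSTED_SEARCH_HOSTS:
        findings.append("default search provider is untrusted host "
                        + _host(search_url) + " (keyword "
                        + str(tud.get("keyword")) + ")")
    return findings


def audit_file(path):
    """Load a Preferences file from disk and audit it."""
    with open(path, encoding="utf-8") as f:
        return audit_preferences(json.load(f))


# Constructed sample of what a hijacked profile might look like.
HIJACKED_PREFS = json.loads("""
{
  "homepage": "http://search-example.invalid/?z=abc",
  "homepage_is_newtabpage": false,
  "session": {"restore_on_startup": 4,
              "startup_urls": ["http://search-example.invalid/"]},
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "search-example.invalid",
      "url": "http://search-example.invalid/search?q={searchTerms}",
      "short_name": "Search"
    }
  }
}
""")

# Constructed sample of an untouched profile.
CLEAN_PREFS = {
    "homepage": "https://www.google.com/",
    "session": {"restore_on_startup": 1, "startup_urls": []},
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "google.com",
            "url": "https://www.google.com/search?q={searchTerms}",
        }
    },
}

if __name__ == "__main__":
    for finding in audit_preferences(HIJACKED_PREFS):
        print("FINDING:", finding)
    print("clean profile findings:", audit_preferences(CLEAN_PREFS))
```

Run `audit_file()` against each user's profile directory to get a quick fleet-wide read of who has been hijacked; a real deployment would pair it with the report's other indicators (the bundled Rafotech programs and the added browser plug-ins), which this check does not cover.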

While malware is a common threat, it’s the size of the invasion that grabs attention. Check Point calls it “alarming.”

“According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1 percent), 24.1 million in Brazil (9.6 percent), 16.1 million in Mexico (6.4 percent), and 13.1 million in Indonesia (5.2 percent).

The United States has witnessed 5.5 million infections (2.2 percent).”

The report said that based on Check Point’s global sensors, 20 percent of all corporate networks are affected.

“Hit rates in the U.S. (10.7 percent) and China (4.7 percent) are alarming; but Indonesia (60 percent), India (43 percent) and Brazil (38 percent) have much more dangerous hit rates,” Check Point said.

“Another indicator of the incredibly high infection rate is the popularity of Rafotech’s fake search engines. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000.”

The report said Rafotech does not admit to hijacking computers but boasts of being a successful marketing agency with a reach of 300 million users, a figure Check Point called “coincidentally similar to our number of estimated infections.”

The Chinese company dances along the edge of legality by bundling: its program is downloaded and installed alongside another program the user has authorized, typically free software, so the user technically consents to the extra install.

“Once a client agrees to the installment of extra features or software to his/her computer, it is hard to claim malicious intent on behalf of the provider,” the report said.

Further, the programs cannot be uninstalled by an ordinary user.

Often the malware comes with other Rafotech products, such as Deal Wifi, Mustang Browser and Soso Desktop, the report said.

“It’s important to remember that when a user installs freeware, additional malware isn’t necessarily dropped at the same time.

If you download a suspicious freeware and nothing happens on the spot, it doesn’t necessarily mean that something isn’t happening behind the scenes.”

Fortune reported it could be the largest infection operation in history.

And Wired said: “Rafotech may monetize the traffic of its infected computers by taking a fee when infected machines visit the website of one of its clients. … The search engines to which it directs hijacked browsers use tracking pixels that could identify infected machines again when they end up on a destination site.”

Experts say antivirus scanners and repair programs might be able to clean up the infections.

“Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements.

We don’t know their plan, and if there really is one.

But it looks like they want to have the opportunity to take it to the next level. And they can,” the report said.

Last year, consumers accused Microsoft of similar stunts when the company set up forced downloads of the Windows 10 operating system. When an option box appeared on screen for consumers to download Windows 10, clicking the “X,” instead of closing the option box, forced the computer to start the download.
