Batu69 Posted June 2, 2017

FIREBALL – The Chinese Malware of 250 Million Computers Infected

An invasive form of malware believed to be attached to a Chinese firm could spell "global catastrophe," according to the cybersecurity firm that discovered it. The software has the power to gain near-complete control of targets, including spying on files.

Dubbed Fireball, the malware was found by researchers at Check Point Security. The team said its purpose is to hijack web traffic to generate fraudulent ad revenue. It also includes remote control features for downloading more malware in the future.

Fireball has already infected over 250 million computers worldwide. When it embeds itself into a machine, it takes control of the web browsers and "turns them into zombies." The browsers end up acting on Fireball's behalf. While it's currently relatively innocuous, focusing on installing plugins to increase ad distribution, Check Point warned it could easily be modified to be more sinister.

Because Fireball is so powerful, it can be expected it will soon be used as the basis of more serious attacks. It can execute any code it desires on the user's machine, allowing it to steal files, spy on login activity and download additional malware. Although it's currently seeing use only as a browser hijacker for money-making purposes, Check Point explained that the potential is there to do much more.

"How severe is it? Try to imagine a pesticide armed with a nuclear bomb," the company said. "Yes, it can do the job, but it can also do much more."

Fireball is created by a Chinese firm called Rafotech. It is believed it has managed to infect so many machines worldwide because it frequently comes bundled with other applications. Users inadvertently install the software by blindly clicking through prompts from other apps.

Check Point said that Rafotech "carefully walks along the edge of legitimacy." The company purports to offer search and marketing services but many of its products appear to be fake or hijacking tools. In a curious coincidence, Rafotech's website proudly advertises that it reaches "300 million users," a similar figure to Fireball's global reach.

According to Check Point, Rafotech has the capability to "initiate a global catastrophe." If the company chose to use all of its software's capabilities, it could extract data from over 250 million PCs worldwide. Around 20% of the total Fireball installations are on corporate networks. It would be able to steal and sell sensitive documents, banking details and medical files. If it wanted, it could instruct Fireball to download ransomware utilities, allowing it to extort money from businesses around the globe.

Even if Rafotech itself remains content to settle in the grey area of shady bundled software, there are already many similar browser hijackers in existence. Check Point found that Beijing-based ELEX Technology produces a series of products that may be related to Fireball. It is suspected that ELEX Technology and Rafotech are in some way related. Even if they're not directly under the same leadership, they appear to be aiding each other's distribution of browser hijacking utilities. This suggests there are at least two collaborators with potentially unhindered access to a quarter of a billion computers worldwide.

Check Point said Fireball represents a "great threat" to global cybersecurity and could be the largest infection campaign in history. While its current intentions don't appear to be strongly malicious, there's nothing stopping its creators from embarking on a very different campaign. The distribution also presents other risks – if external hackers obtained the software, they could republish it themselves and unlock all its capabilities.
jimbojet2011 Posted June 2, 2017

Check Point (ZoneAlarm), good work.
steven36 Posted June 2, 2017

It's not just computers. I visited a forum today that I've been visiting for a long time, and it was hijacked with the "Zeus Computer" scheme. What it does is try to make you think they're Microsoft and want you to pay to remove it. It uses a name and password prompt, hijacks the site's URL and locks up your browser, so you have to use Task Manager to kill the browser. Don't fall for it; it's just a scam, it doesn't do anything.

New Microsoft scam fooling many users
http://wtop.com/tech/2017/01/data-doctors-new-microsoft-scam-fooling-many-users/

They're using it to hijack web forums and things now. What a bunch of morons, I don't even use WD lol. If you have NoScript on, the password prompt won't show up, therefore it can't lock up your browser.
steven36 Posted June 2, 2017

As far as Fireball goes, from what I'm reading it's no different than the Ask or Yahoo toolbar. It's more Chinese adware than malware; you have to install it.

Quote:
From the article, IIUC, the infection is performed as part of the install of a downloaded program that the user has chosen to install, so the infection vector is similar to the pre-ticked "yes I want Yahoo Toolbar" option we see with other, legitimate installs, except in this case you don't even get asked. This strongly implies that the installer has to be able to execute on the target OS.

Back in the early 2000s, programs with spyware without an opt-out were quite common; welcome to the past.
steven36 Posted June 2, 2017

2 minutes ago, 0bin said:
Something like this happened on Mac OS before too.

New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/

The same kind of thing happened to Linux Mint when hackers tainted installers with the malware Linux/Tsunami-A.
https://nakedsecurity.sophos.com/2016/02/22/worlds-biggest-linux-distro-infected-with-malware/

It could happen on any platform, as long as it was made for that platform.