Earlier this month, security experts from Check Point published a report on a browser hijacker and malware downloader dubbed Fireball. The security company claimed that the Chinese malware had infected more than 250 million systems. Microsoft, on the other hand, says that it has been tracking the malware since 2015, and that the number of infected systems is actually no more than 40 million.
Check Point and Microsoft on Fireball Browser Hijacker Malware Infections
Nonetheless, the two companies agree on some points. Both agree on the type of malware (a browser hijacker and downloader) and on how it is distributed. Fireball is spread via bundling: the user downloads it alongside another program. This method is widely used to distribute ad-supported software, so this is no surprise.
Check Point claims that Fireball has been developed by Rafotech, a Chinese digital marketing company.
Both companies also agree on the program’s activities: hijacking the victim’s browser, replacing its search engine with a fake one, and setting its own homepage. In addition to this typical browser hijacking behavior, Check Point says Fireball is also capable of downloading other malware, bypassing anti-malware detection and using command-and-control techniques.
Different Infection Numbers, Similar Technical Details
What the two companies don’t agree on is the number of victims. Check Point’s number is based on its global network activity sensors, together with traffic rankings from Alexa. Rafotech runs a lot of fake search pages, which sometimes get into Alexa’s top 1,000 sites. Rafotech also says that its reach is 300 million users, a number quite close to the number quoted by Check Point (250 million infections). The security firm also claims that 20% of corporate networks are compromised.
Microsoft’s infection estimates are quite different and are based on the number of Windows systems it has cleaned of Fireball and associated malware. These systems have been cleaned with Windows Defender and the Malicious Software Removal Tool.