CYBER NEWS

Check Point Opposes Microsoft on Fireball Malware Infection Rates

Earlier this month, security experts from Check Point made a report about a browser hijacker and malware downloader dubbed Fireball. The security company claimed that the Chinese malware had infected more than 250 million systems. Microsoft, on the other hand, says that it has been tracking the malware since 2015, and the amount of infected system is actually not more than 40 million.

Related Story: Microsoft Admits to Temporarily Disabling Parts of Third-Party AV Apps

Check Point and Microsoft on Fireball Browser Hijacker Malware Infections

Nonetheless, the two companies shook hands on some things. Both companies agree on the type of the malware – hijacker and download – and its way of distribution. Fireball is spread via bundling and the user downloads it alongside another program. This method is widely used in the distribution of ad-supported software so this is no surprise.
Check Point claims that Firewall has been developed by a Chinese digital marketing company Rafotech.

Both companies also agree on the program’s activities: hijacking the victim’s browser and replacing his search engine with a fake one, and setting its own homepage. In addition to this typical browser hijacking behavior, Check Point says Fireball is also capable of downloading other malware, bypassing anti-malware detection and using command-and-control techniques.

Different Infection Numbers, Similar Technical Details

What the two companies don’t agree on is the number of victims. Check Point’s number is based on its global network activity sensors, with data traffic rankings from Alexa. Rafotech runs a lot of fake search pages which sometimes get into Alexa’s top 1,000 sites. Rafotech also says that its reach is 300 million users, a number quite close to the number quoted by Check Point (250 million infections). The security firm also claims that 20% of corporate networks are compromised.

Related Story: RoughTed Malvertising Campaign Defeats Ad-Blockers

Microsoft’s infection estimates are quite different, based on the number of Windows systems it has cleaned from Fireball and associated malware. These systems have been cleaned with Windows Defender and the Malicious Software Removal Tool.

Have you been infected by the Fireball malware? Let us know in the comments below!

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...