Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Advertising China Desktops (Apple) Microsoft OS X Privacy The Almighty Buck Windows

Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide (thehackernews.com) 66

Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines (trotux.com). "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."
This discussion has been archived. No new comments can be posted.

Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide

Comments Filter:
  • How do I find out if I'm infuckted? File to look for? Program I can download and run to say yay/nea?
    • Re:So, uhhh (Score:5, Funny)

      by hcs_$reboot ( 1536101 ) on Friday June 02, 2017 @08:11PM (#54539641)
      You should see an icon (bottom left) click on it, and click "About". If you see "wIndows" anywhere, you're infected.
    • by AHuxley ( 892839 )
      Malwarebytes. If on Mac or Windows its aways good to have some AV.
      • I am responsible for security at an unnamed 3 letter government agency. I make sure patches are applied to 80k laptop and desktop windows workstations, and I can tell you Malwarebytes is not a realistic way to defend against something like this. Back in my days as a video game white-hat tester I wrote a python script. After much refactoring, it now logs in to every box through a client listener socket I have open on each workstation, and checks to make sure everything is patched. This is the only realis
        • Re: So, uhhh (Score:3, Informative)

          by hunter44102 ( 890157 )
          Did you read the article? This will indeed install on your patched systems because it comes as a payload with freeware software that the users install. So Malwarebytes is exactly what is needed to find and remove it.
        • Re:So, uhhh (Score:4, Funny)

          by mreed911 ( 794582 ) on Friday June 02, 2017 @11:02PM (#54540363)
          "Back in my days as a video game white-hat tester I wrote a python script. After much refactoring, it now logs in to every box through a client listener socket I have open on each workstation, and checks to make sure everything is patched." So you have homegrown python code listening on a custom socket and that has the ability to do administrative things on the computer? I see... tell me more about this setup, please... in the interest of "science."
          • by dbIII ( 701233 )

            listening on a custom socket and that has the ability to do administrative things on the computer

            MS Windows is like that :(
            MS Windows security is like a starlet's underwear. If it's there at all it doesn't cover much and is just there for decoration.
            You need third party tools (which do administrative things on the computer that in an ideal world only MS supplied tools could do) to fill up the gaps. So the above poster probably wrote something that acted like third party antivirus for specific situations

        • I am responsible for security at an unnamed 3 letter government agency.

          D. M. V.

          What do I win?

          You're simply priceless. Please keep posting, and I'll keep wiping coffee from my keyboard.

        • If you're patched up to the latest, you're not getting infected

          This is absolutely not true. A zero-day is by definition a vulnerability that is not yet known to the software vendor, so no patch can exist, and yet hackers can know about it.

          We've actually seen examples where Microsoft hasn't patched security flaws, and the flaw was being exploited by hackers. Here is one example, [slashdot.org] there are plenty.

        • You are responsible for security at a 3 letter government agency and you earn $50,000 in Silicon Valley?
        • Won't help you with zero days...but I guess your three letter agency has a broad catalog of zero days that are intentionally not shared with vendors.
  • by JoeyRox ( 2711699 ) on Friday June 02, 2017 @08:15PM (#54539669)
    Congratulations on compromising my Virtual Machine. I will one-click delete you now.
  • MacOS target (Score:3, Informative)

    by manu0601 ( 2221348 ) on Friday June 02, 2017 @08:26PM (#54539731)

    Hacker News's story notes MacOS is a target, but that information cannot be found in Checkpoint blog.

    The infection involves installation of plugins from Chrome. Is that native code? If it is the case, it is unlikely that multiple targets are maintained, as it costs money

    • Considering checkpoint has instructions at the bottom of the article for uninstall from MacOS and they state clearly it has multiple packaging methods I would say you simply didn't actually read the checkpoint report.
      • Well I used the search feature of my browser for the "mac" word and did not find it in the article. Weird.
    • My question is, can a website install a plugin in Chrome without our authorization?

  • ... to 300 million unaware, unwilling customers? Brilliant! Maybe this explains why my resume seems so lackluster.

  • Old news? (Score:5, Informative)

    by Altrag ( 195300 ) on Friday June 02, 2017 @08:33PM (#54539767)

    Sounds like its just Banzai Buddy 2.0..

    Unless there's something TFA is glossing over, it sounds like fairly standard adware.. they even state that it safely goes away when you uninstall the offending container software, making it actually less obnoxious than Banzai Buddy and his friends from a decade ago.

    • by dbIII ( 701233 )
      Minor nitpick (especially minor since a google search would now sort out the spelling mistake), but it was Bonzi Buddy.
      It was incredibly annoying. I'd had to go back to doing support every now and again, had a user complain about a very slow PC, found that piece of shit malware on it, deleted it, and then had to explain to that user's manager why I had made the user angry by removing the user's "friend".
      • by Altrag ( 195300 )

        Hah! Thanks, I knew that didn't look right but close enough that I didn't bother double-checking ;).

    • by AmiMoJo ( 196126 )

      Also, why is it "Chinese" malware? Malware made by Americans isn't usually referred to as "American malware". That designation is reserved for US government malware.

  • Calm down (Score:5, Interesting)

    by TheOuterLinux ( 4778741 ) on Friday June 02, 2017 @08:37PM (#54539785)
    Fireball is literally no different then the ad-based crap Window$ pushes. It's not harmful on its own but can be used maliciously. Though, I doubt anyone really read the source. Fireball is a Chinese thing. Do you get your freemium software from Chinese websites? If you are a Slashdotter, then hopeful not, or your a sadomasochist/complete moron. This is nothing more than a clever scare brought on by Micro$oft to get people on the M$ store bandwagon. Just learn to use FOSS applications. I know it's unjustifiably painful for whatever reason for Window$ users to not pay for things that are developed by hundreds of collaborators with source code to look at, but it won't actually hurt you.
    • Do you get your freemium software from Chinese websites? If you are a Slashdotter, then hopeful not, or your a sadomasochist/complete moron.

      But some of us get enjoyment out of breaking Windows as much as possible before a reformat or HDD change.

      • Sounds like instant gratification to me.
  • Ive said it a thousand times the only way this ends is to go after the money, The people who pay for the adverting.Affiliates have to get paid somehow and the product seller knows who they are.so records are kept and codes so affiliates"scumbag spammers. Then you actually need to go after these guys maybe if the NSA ,FBI,CIA scumbags stopped spying/data mining on regular people living their lives and go after these scumbags that would work too.

Garbage In -- Gospel Out.

Working...