© 2017 Tritium Information Security 

Fireball Malware Incinerates 250 Million Computers Worldwide

Over 250 million computers and 20% of corporate networks worldwide have fallen victim to Fireball

 

 

Check Point Tech recently discovered a Chinese operation that has infected over 250 million computers worldwide. The malware, dubbed "Fireball," hijacks browsers and turns them into zombies. Once installed, Fireball can run any code on victim computers, download any file or malware, and hijack and manipulate infected users' web traffic to generate ad revenue.

 

The mastermind behind Fireball is a Beijing-based digital marketing agency called Rafotech. "Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com," Check Point Tech reports.

 

[Figure: Stages of Fireball infection. Courtesy of Check Point.]

 

"The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks."

 

The search engines also include tracking pixels, which are used to collect sensitive user data. The malware spreads by being bundled with other software that users intentionally download, which makes it difficult to detect. When approached by Check Point, Rafotech did not admit to producing browser hijackers and fake search engines. It does, however, "declare itself a successful marketing agency, reaching 300 million users worldwide - coincidentally similar to our number of estimated infections."

 

 

HOW CAN I KNOW IF I AM INFECTED?

 

To check if you’re infected, first open your web browser. Was your home-page set by you? Are you able to modify it? Are you familiar with your default search engine, and can you modify that as well? Do you remember installing all of your browser extensions?

If the answer to any of these questions is “NO”, this is a sign that you’re infected with adware. You can also use a recommended adware scanner, just to be extra cautious.
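The same four questions can be asked of a browser profile programmatically. The following is an added example, not part of the original article or of Check Point's guidance: it audits a settings structure shaped like a Chrome profile's Preferences JSON file. The key paths, the meaning of "state": 1 (enabled), the sample data, the trusted-host list and the known-extension list are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample shaped like a Chrome profile "Preferences" file.
# Key paths are an assumption; confirm them against your Chrome version.
# For a real profile, load the file with json.load() instead.
SAMPLE_PREFS = {
    "homepage": "http://search.hijack-example.test/",
    "homepage_is_newtabpage": False,
    "session": {"startup_urls": ["http://search.hijack-example.test/start"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Example Search",
        "url": "http://search.hijack-example.test/?q={searchTerms}"}},
    "extensions": {"settings": {
        "a" * 32: {"state": 1, "manifest": {"name": "Password Manager"}},
        "b" * 32: {"state": 1, "manifest": {"name": "Bundled Helper"}}}},
}

def is_trusted(url, trusted_hosts):
    """True if the URL's host is a trusted host or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)

def audit_prefs(prefs, trusted_hosts, known_extension_ids):
    """Return (setting, value) pairs the user should review by hand."""
    findings = []
    # Was your home page set by you?
    home = prefs.get("homepage", "")
    if home and not prefs.get("homepage_is_newtabpage", True) \
            and not is_trusted(home, trusted_hosts):
        findings.append(("homepage", home))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if not is_trusted(url, trusted_hosts):
            findings.append(("startup_url", url))
    # Are you familiar with your default search engine?
    engine = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if engine.get("url") and not is_trusted(engine["url"], trusted_hosts):
        findings.append(("search_engine", engine.get("short_name", "unknown")))
    # Do you remember installing all of your extensions?
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext.get("state") == 1 and ext_id not in known_extension_ids:
            findings.append(("extension", ext.get("manifest", {}).get("name", ext_id)))
    return findings

if __name__ == "__main__":
    for setting, value in audit_prefs(SAMPLE_PREFS, {"google.com"}, {"a" * 32}):
        print(f"review {setting}: {value}")
```

A finding is only a prompt to look at that setting; an empty result does not prove the machine is clean, so the scanner step still applies.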

 

 

HOW DO I REMOVE THE MALWARE, ONCE INFECTED?

To remove almost any adware, follow these simple steps:

  1. Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.

 

For Mac OS users:

  1. Use the Finder to locate the Applications folder.

  2. Drag the suspicious file to the Trash.

  3. Empty the Trash.

 

Note – A usable program is not always installed on the machine and therefore may not be found on the program list.

 

  2. Scan and clean your machine, using:

  • Anti-Malware software

  • Adware cleaner software

 

  3. Remove malicious Add-ons, extensions or plug-ins from your browser:

On Google Chrome:

 

a. Click the Chrome menu icon and select Tools > Extensions.

b. Locate and select any suspicious Add-ons.

c. Click the trash can icon to delete.

 

On Internet Explorer:

 

a. Click the Settings icon and select Manage Add-ons.

b. Locate and remove any malicious Add-ons.

On Mozilla Firefox:

 

a. Click the Firefox menu icon and go to the Tools tab.

b. Select Add-ons > Extensions.

A new window opens.

c. Remove any suspicious Add-ons.

d. Go to the Add-ons manager > Plugins.

e. Locate and disable any malicious plugins.

 

On Safari:

 

a. Make sure the browser is active.

b. Click the Safari tab and select Preferences.

A new window opens.

c. Select the Extensions tab.

d. Locate and uninstall any suspicious extensions.

 

 

  4. Restore your internet browser to its default settings:

On Google Chrome:

 

a. Click the Chrome menu icon, and select Settings.

b. In the On startup section, click Set Pages.

c. Delete the malicious pages from the Startup pages list.

d. Find the Show Home button option and select Change.

e. In the Open this page field, delete the malicious search engine page.

f. In the Search section, select Manage search engines.

g. Select the malicious search engine page and remove it from the list.

 

On Internet Explorer:

 

a. Select the Tools tab and then select Internet Options.

A new window opens.

b. In the Advanced tab, select Reset.

c. Check the Delete personal settings box.

d. Click the Reset button.

 

On Mozilla Firefox:

 

a. Enable the browser Menu Bar by clicking the blank space near the page tabs.

b. Click the Help tab, and go to Troubleshooting information.

A new window opens.

c. Select Reset Firefox.

 

On Safari:

 

a. Select the Safari tab and then select Preferences.

A new window opens.

b. In the Privacy tab, click the Manage Website Data… button.

A new window opens.

c. Click the Remove All button.

 

 Source: Check Point Tech
