A piece of malware, dubbed Fireball, has made its way on to 20 percent of corporate networks worldwide.
Check Point researchers revealed today that the malware has infected over 250 million computers around the world by targeting and enslaving the computer's web browsers, hijacking their traffic and showing its unfortunate victims advertisements.
Fireball also installs plug-ins to boost its advertisements. That same functionality, though it has not yet been seen in the wild, could also be used to distribute additional malware.
While Fireball could do a lot worse, all that has currently been witnessed is typical adware behaviour – perverting normal operation of the computer and taking over its search engine preferences to generate ad revenue for its masters.
Check Point researchers gave SC Media UK an exclusive sneak preview of their findings which indicate that although it's operating on a massive scale, it could be far worse.
They said that they have “not yet seen Fireball being used for malicious activity such as downloading malware, but it has created a huge global network of 250 million machines with backdoors that can easily be exploited using the mechanisms Check Point describes – so users are advised to take steps to remove the Fireball adware from their machines immediately.”
Perhaps the most striking thing about the malware is its sheer scale, having made its way onto a full fifth of the world's corporate networks. In the UK 9.3 percent of firms have a computer infected with Fireball. That number rises to 10.7 percent in the US, 38 percent in Indonesia, 43 percent in India and 60 percent in Indonesia.
Another example of Fireball's incredible success is the fake search engines that it sends its victims to. According to Alexa data, 14 of those search engines are within the top 10,000 websites and a few are even within the top 1000.
Fireball is typically spread through a process known as bundling in which adware is packaged with free software that users download voluntarily.
Fireball is produced by a Beijing based marketing company called Rafotech, who did not respond to SC's request for comment.
The legality of this kind of adware falls within a large grey area. “Rafotech carefully walks along the edge of legitimacy. Knowing that adware distribution is not considered a crime like malware distribution is, many companies provide software or services for free, and make their profits by harvesting data or presenting advertisements. Once a client agrees to the installation of extra features or software to his/her computer, it is hard to claim malicious intent on behalf of the provider,” Check Point said.
Fortunately, this legally grey kind of adware can be removed simply. PCs can get rid of it using Windows' Programs and Features list and Macs can do so using Mac Finder. Check Point also recommends removing malicious add-ons, plugins and extensions.
