Malware, Network Security

Fireball threat ‘overblown,’ says Microsoft

Claiming that it's got the Fireball malware threat under control, Microsoft is asserting on a company blog that the "reported magnitude of its reach might have been overblown."

While acknowledging that the threat from the various malware grouped under the Fireball banner is real, the company said it has been keeping tabs on the scourge since 2015 and has issued protections and defenses against it.

The initial infections from Fireball arrive via software bundling, primarily in clean programs which it exploits as a host and from which it injects its malicious code, thus evading detection.

But, Microsoft claimed in its blog post that Windows 10 users are protected from infection through its Windows Defender Antivirus and Microsoft Malicious Software Removal Tool (MSRT). Further, another layer of protection is offered, it stated, as its latest OS only allows apps available from the Windows Store to run, and no malware from the Fireball suite has been detected in the store.

In other Microsoft news, the Redmond giant announced on Wednesday that it is eliminating time limits for its Edge bug bounty program, according to a post on ThreatPost.

Originally an enticement for security researchers delving into remote code execution flaws, the program was expanded to allow for rewards for finding design flaws in the browser. Set to expire in May, Microsoft said it will now extend the offering.

The company said it has so far rewarded bug bounty hunters with $200,000.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.