Fireball Malware Attack
A Chinese malware has turned over 250 million web browsers into ad-revenue-generating zombies. The malware is called "Fireball" and is capable of executing any code on the infected system, which enables a wide range of actions such as downloading files and further malware. A Chinese digital marketing agency called Rafotech is said to be behind the spread of the malware.
Check Point Software Technologies said the two main features of Fireball are that it can run any code on victim computers and that it can download any file or malware. The malware hijacked and manipulated infected users' web traffic to generate ad revenue for the Chinese digital marketing agency Rafotech, which is located in Beijing. “Currently, Fireball installs plugins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”
According to researchers, Rafotech is using Fireball to manipulate victims' browsers in order to generate money via advertisements. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines, which in turn creates a massive security flaw in targeted machines and networks.
According to Check Point Software Technologies, victims were infected with the Fireball malware via stealth installs that were bundled with desirable Rafotech apps such as Deal Wifi, Mustang Browser, Soso Desktop and FVP Imageviewer. Additionally, it has been distributed via third-party freeware and spam campaigns.
According to an analysis, over 250 million computers worldwide have been infected by this malware: 25.3 million computers were infected in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).
Based on Check Point’s global sensors, 20% of all corporate networks were affected. Hit rates in the US (10.7%) and China (4.7%) were alarming, but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.

Rafotech carefully walked along the edge of legitimacy, knowing that adware distribution is not considered a crime like malware distribution. Today, many companies provide their software and services for free, and make their profits by harvesting data or by presenting advertisements.
It is important to remember that when a user installs freeware, the additional malware is not necessarily dropped at the same time. If someone downloads suspicious freeware and nothing happens on the spot, it doesn’t necessarily mean that nothing is happening behind the scenes.