Fireball has been a hot topic lately, with security firm, CheckPoint, claiming that this branch of Chinese malware has infected 250 million computers worldwide. However, it turns out that the number of infected PCs may have been massively overestimated, as Microsoft has since spoken out against this claim, asking for a closer look at the research.
CheckPoint made these claims at the start of June, denouncing Beijing-based digital marketing agency, Rafotech, for using Fireball to manipulate its victims’ browser.
“Fireball has two main functionalities: the ability of running any code on victim computers–downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue.” Infected users will experience “their default search engines and home pages turn into fake search engines. This redirects the queries to either yahoo.com or Google.com”.
“The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks.”
In its own post evaluating the threat, Microsoft has stated that “the reported magnitude of its reach might have been overblown”. The company has been keeping a close eye on Fireball since 2015 and it now has eyes on CheckPoint too, following the firm's recent claims. According to Microsoft, the data gathered by Check Point is flawed, as the data shows the total visits to fake search engine pages, rather than the number of devices actually infected.
“Not every machine that visits one of these sites is infected with malware. The search pages earn revenue regardless of how a user arrives at the page. Some may be loaded by users who are not infected during normal web browsing, for example, via advertisements or domain parking.”
Microsoft estimates the number of infected PCs to be closer to 5 million, rather than 250 million. However, CheckPoint appears to be standing by its original research for the time being, though the firm did concede that the numbers are “at least 40 million”, rather than the 5 million predicted by Microsoft. While the numbers are being evaluated CheckPoint has agreed to give Microsoft access to its data, which will hopefully result in a swifter solution to the problem.
KitGuru: CheckPoint's initial numbers may not have been entirely accurate but hopefully with Microsoft now on board, we will see a quicker turnaround when it comes to combatting this malware.