FireBall Adware Infects Over 250 Million PCs

Schtask

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Security firm Check Point is warning users of a massive new Adware outbreak that is targeting web browsers across the globe. The Adware in question has been dubbed "Fireball" and is estimated to have already infected over 250 million users. Enterprise networks have also been hit. According to data gathered by Check Point's global sensors, 20% of corporate networks have been infected. The Adware has become so prevalent that some of Fireball's redirect pages have ranked in Alexa's Top 1000 site list.

Developed by Rafotech, a Chinese Digital Marketing company, Fireball is distributed via bundling with other software. Think twice before downloading "Deal Wifi", "Mustang Browser", "SoSo Desktop", "FVP Imageviewer", or any other software that even makes a passing glance in Rafotech's direction. Oh, and get this: Rafotech is able to pass off Fireball with legitimate digital certificates.

At its base functionality, Fireball manipulates the target's web browser and changes the default search engine and home page into a fake. This activity is much like any run of the mill browser hijacker. Where Fireball extends beyond those tactics rests in the Adware's ability to become a malware dropper, execute malicious code, and spy on users. In other words, FireBall will allow Rafotech to deploy and execute any malicious file to a target device. One minute you could be dealing with the frustrations inherent in having your browser hijacked. In the next minute you could be dealing with reGeorge, DNS Tunneling and Reverse Shells to Beijing.

If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123 or anything other than what you normally use, you should probably fire up your nearest Adware Cleaner and get that handled. Precise removal directions can be found at the bottom of Check Point's report.
 
Last edited:
so its by a company, and they are probably happy with the success of it?

sue them into the fucking ground.
 
Hate to look at it in this light, but at least it doesn't actually cause damage with it being that wide spread. Still not a good thing to have on your computer, but redirecting you to a site that is just a new skin for Google is very tame compared to what could be happening.

fightingfi said:
Another article i posted here first with no due credit ....
Click to expand...

Are you sure they seen your post?

DF-1 said:
so its by a company, and they are probably happy with the success of it?

sue them into the fucking ground.
Click to expand...

Where do you start in this case? it is a program that is included with installs for other programs so the question is how did it get there? Are there more than just them in on all of this?
 
Exavior said:
Hate to look at it in this light, but at least it doesn't actually cause damage with it being that wide spread. Still not a good thing to have on your computer, but redirecting you to a site that is just a new skin for Google is very tame compared to what could be happening.
Click to expand...

It could be very bad, very quickly. I agree though...In its default form, it's more of a nuisance than anything.
 
Its why I put Unchecky on all the machines I service and put out there.

Helps massively.
 
daglesj said:
Its why I put Unchecky on all the machines I service and put out there.

Helps massively.
Click to expand...
Unchecky is great.
After running adwcleaner followed by a malwarebytes scan, most are good to go.
I follow up with a strong tongue wagging and a reminder that they are not to install anything on their computer. Along with the explanation that nothing they see on tv or the web will speed up their $300 pos laptop.
Repeat offenders get the paid version of mbam.

BulletDust said:
But come on B00nie, they masquerade as driver managers!
Click to expand...
And registry optimizers.;)
 
B00nie said:
So people are still dumb enough to download free third party software from unknown providers off the web?
Click to expand...

That is ok dude, you called Display Driver Uninstaller a bad thing and should not be downloaded. LOL!
 
Most of it comes as obscure tickbox stuff.

Hence why I always recommend ninite.com for all your freeware/staples.
 
daglesj said:
Its why I put Unchecky on all the machines I service and put out there.

Helps massively.
Click to expand...

The article stated that not all the installers give you a check box to unselect the program. You install whatever you are installing it and just gives you that also.
 
B00nie said:
So people are still dumb enough to download free third party software from unknown providers off the web?
Click to expand...

yeah but even big sites like sourceforge bundled adware in the installers for some of the apps from there as well if your not careful.

only places like https://ninite.com/ promise not to auto add adware as far as we know for now o-O;
 
Crixus said:
If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123 or anything other than what you normally use, you should probably fire up your nearest Adware Cleaner and get that handled. Precise removal directions can be found at the bottom of Check Point's report.
Click to expand...


when i first start up my browser it takes me here...

is there something wrong??

;>)
 
Crixus said:
If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123
Click to expand...

Sounds reasonable.


That's a lie by the way. But someone who calls himself 'man of God' obviously is not honest in the first place.
Click to expand...

God is a lie, ergo his is a liar? I'm interpreting that correctly?
 
You must log in or register to reply here.
Back
Top