FireBall Adware Infects Over 250 Million PCs

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Security firm Check Point is warning users of a massive new Adware outbreak that is targeting web browsers across the globe. The Adware in question has been dubbed "Fireball" and is estimated to have already infected over 250 million users. Enterprise networks have also been hit. According to data gathered by Check Point's global sensors, 20% of corporate networks have been infected. The Adware has become so prevalent that some of Fireball's redirect pages have ranked in Alexa's Top 1000 site list.

Developed by Rafotech, a Chinese Digital Marketing company, Fireball is distributed via bundling with other software. Think twice before downloading "Deal Wifi", "Mustang Browser", "SoSo Desktop", "FVP Imageviewer", or any other software that even makes a passing glance in Rafotech's direction. Oh, and get this: Rafotech is able to pass off Fireball with legitimate digital certificates.

At its base functionality, Fireball manipulates the target's web browser and changes the default search engine and home page into a fake. This activity is much like any run-of-the-mill browser hijacker. Where Fireball extends beyond those tactics rests in the Adware's ability to become a malware dropper, execute malicious code, and spy on users. In other words, Fireball will allow Rafotech to deploy and execute any malicious file to a target device. One minute you could be dealing with the frustrations inherent in having your browser hijacked. In the next minute you could be dealing with reGeorg, DNS Tunneling and Reverse Shells to Beijing.

If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123 or anything other than what you normally use, you should probably fire up your nearest Adware Cleaner and get that handled. Precise removal directions can be found at the bottom of Check Point's report.
 

DF-1

2[H]4U
Joined
Jun 17, 2011
Messages
2,686
So it's by a company, and they are probably happy with the success of it?

Sue them into the fucking ground.
 

Exavior

[H]F Junkie
Joined
Dec 13, 2005
Messages
9,700
Hate to look at it in this light, but at least it doesn't actually cause damage with it being that widespread. Still not a good thing to have on your computer, but redirecting you to a site that is just a new skin for Google is very tame compared to what could be happening.

Another article I posted here first with no due credit ....

Are you sure they saw your post?

So it's by a company, and they are probably happy with the success of it?

Sue them into the fucking ground.

Where do you start in this case? It is a program that is included with installs for other programs, so the question is how did it get there? Are there more than just them in on all of this?
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Hate to look at it in this light, but at least it doesn't actually cause damage with it being that widespread. Still not a good thing to have on your computer, but redirecting you to a site that is just a new skin for Google is very tame compared to what could be happening.

It could be very bad, very quickly. I agree though...In its default form, it's more of a nuisance than anything.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,679
It's why I put Unchecky on all the machines I service and put out there.

Helps massively.
 

Jim Kim

2[H]4U
Joined
May 24, 2012
Messages
3,921
It's why I put Unchecky on all the machines I service and put out there.

Helps massively.
Unchecky is great.
After running adwcleaner followed by a malwarebytes scan, most are good to go.
I follow up with a strong tongue wagging and a reminder that they are not to install anything on their computer. Along with the explanation that nothing they see on tv or the web will speed up their $300 pos laptop.
Repeat offenders get the paid version of mbam.

But come on B00nie, they masquerade as driver managers!
And registry optimizers.;)
 

ManofGod

[H]F Junkie
Joined
Oct 4, 2007
Messages
12,717
So people are still dumb enough to download free third party software from unknown providers off the web?

That is ok dude, you called Display Driver Uninstaller a bad thing and should not be downloaded. LOL!
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,679
Most of it comes as obscure tickbox stuff.

Hence why I always recommend ninite.com for all your freeware/staples.
 

Exavior

[H]F Junkie
Joined
Dec 13, 2005
Messages
9,700
It's why I put Unchecky on all the machines I service and put out there.

Helps massively.

The article stated that not all the installers give you a check box to unselect the program. You install whatever you are installing and it just gives you that also.
 
Joined
Nov 11, 2004
Messages
814
So people are still dumb enough to download free third party software from unknown providers off the web?

Yeah, but even big sites like SourceForge bundled adware in the installers for some of the apps from there as well if you're not careful.

Only places like https://ninite.com/ promise not to auto add adware as far as we know for now o-O;
 

katanaD

[H]ard|Gawd
Joined
Nov 15, 2016
Messages
1,987
If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123 or anything other than what you normally use, you should probably fire up your nearest Adware Cleaner and get that handled. Precise removal directions can be found at the bottom of Check Point's report.


When I first start up my browser it takes me here...

Is there something wrong??

;>)
 

westrock2000

[H]F Junkie
Joined
Jun 3, 2005
Messages
9,366
If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123

Sounds reasonable.


That's a lie by the way. But someone who calls himself 'man of God' obviously is not honest in the first place.

God is a lie, ergo he is a liar? I'm interpreting that correctly?
 