Schtask
Security firm Check Point is warning users of a massive new Adware outbreak that is targeting web browsers across the globe. The Adware in question has been dubbed "Fireball" and is estimated to have already infected over 250 million users. Enterprise networks have also been hit. According to data gathered by Check Point's global sensors, 20% of corporate networks have been infected. The Adware has become so prevalent that some of Fireball's redirect pages have ranked in Alexa's Top 1000 site list.
Developed by Rafotech, a Chinese Digital Marketing company, Fireball is distributed via bundling with other software. Think twice before downloading "Deal Wifi", "Mustang Browser", "SoSo Desktop", "FVP Imageviewer", or any other software that even makes a passing glance in Rafotech's direction. Oh, and get this: Rafotech is able to pass off Fireball with legitimate digital certificates.
At its base functionality, Fireball manipulates the target's web browser and changes the default search engine and home page into a fake. This activity is much like any run-of-the-mill browser hijacker. Where Fireball extends beyond those tactics rests in the Adware's ability to become a malware dropper, execute malicious code, and spy on users. In other words, Fireball will allow Rafotech to deploy and execute any malicious file to a target device. One minute you could be dealing with the frustrations inherent in having your browser hijacked. In the next minute you could be dealing with reGeorg, DNS Tunneling and Reverse Shells to Beijing.
If you happen to notice that your browser is taking you to search pages like Trotux, Hohosearch, Yessearches, Youndoo, Luckysearch123, StartPageing123 or anything other than what you normally use, you should probably fire up your nearest Adware Cleaner and get that handled. Precise removal directions can be found at the bottom of Check Point's report.