Fireball (software)

  1. When was Fireball discovered

  2. Who is responsible for Fireball

  3. How does Fireball work

  4. Who has been infected

  5. How to detect if you are infected with Fireball[9]

  6. How to remove Fireball from your system[9]

  7. References

Fireball is browser-hijacking malware discovered by the security company Check Point. It takes over target browsers and turns them into zombies.[1][2][3][4][5]

When was Fireball discovered

Check Point claims to have discovered the Fireball malware in 2017, but Microsoft claims that it has been tracking the malware since 2015.[6]

Who is responsible for Fireball

The malware has been tracked to a Chinese company called Rafotech, a digital marketing agency based in Beijing. The company has been bundling it with legitimate software that it provides to users. Programs that Rafotech bundled with the Fireball software include Deal WiFi, Mustang Browser, SoSoDesk and FVP Image Viewer.[7]

Rafotech claims to have 300 million users worldwide (similar to the estimated number of infections) but denies that it uses these fake search engines. Security researchers dispute this claim, noting that Rafotech may have also purchased additional distribution means from other threat actors.[6] Its fake search engines are popular, with 14 of them ranked among the top 10,000 websites and some reaching the top 1,000.[7]

How does Fireball work

The malware can run any code on victim computers, such as downloading an arbitrary file, and can hijack and manipulate infected users' web traffic in order to generate advertisement revenue. It installs plugins and additional configurations to boost its advertisements, and has the potential to turn into a distributor for any additional malware. The malware is spread mostly via bundling: it is installed on a victim's machine alongside a wanted program, often without the user's consent.[2] The digital marketing agency Rafotech has been named as the producer of the software. The same company has been accused of hosting fake search engines, which redirect queries to yahoo.com or google.com. The fake search engines include tracking pixels used to collect private information from users. Fireball manipulates the infected browsers and changes their default search engines and home pages to these fake search engines, which enables the software to spy on users of the infected browsers.

The Fireball malware does not conform to usual characteristics of bundled software. Check Point asserts, “The malware and the fake search engines don’t carry indicators connecting them to Rafotech, they cannot be uninstalled by an ordinary user and they conceal their true nature.” Furthermore, Fireball “displays great sophistication and quality evasion techniques, including anti-detection capabilities, multilayer structure and a flexible C&C.”[8]

Another deception is the use of legitimate-seeming digital certificates. Rafotech's fake search engines and the malware itself don't carry any identifying marks.[8]

The program has the capability to run arbitrary code, download applications and harvest more sensitive information, such as banking and medical details. Cyber criminals could leverage the source code to create new types of malware.[6]

Who has been infected

It is estimated that 250 million computers are infected worldwide. Check Point researchers also claim that this malware might have infected computers on 20% of corporate networks, making it a high-volume internet threat. According to this source, the highest infection rates were discovered in Indonesia, India and Brazil. It is speculated that the related browser-hijacker operations form possibly the largest infection operation in history.[1]

Table 1 The top countries that have been infected with the Fireball malware

| Country | % infected | Number of infections (in millions) | Hit rate |
|---|---|---|---|
| India | 10.1% | 25.3 | 43% |
| Brazil | 9.6% | 24.1 | 38% |
| Mexico | 6.4% | 16.1 | N/A |
| Indonesia | 5.2% | 13.1 | 60% |
| US | 2.2% | 5.5 | 10.7% |

Microsoft disputes these numbers; it has been tracking the malware since 2015. Its results are based on the Fireball infections that have been cleaned by Windows Defender and the Malicious Software Removal Tool. Based on the collected data, the total number of infections is 40 million. Check Point researchers counted visits to malware-carrying search pages, not the devices themselves.[6]

How to detect if you are infected with Fireball[9]

To check if you’re infected, first open your web browser.

1. Verify that the home page is the one you set.

2. Can you modify the home page?

3. Check your default search engine and verify that you can modify it.

4. Check that the browser extensions are only the ones you have installed.
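
The comparison part of these checks (home page, default search engine, extensions) can be scripted; the following is an added example, not part of the original article or of Check Point's guidance. It assumes a Chromium-style profile whose JSON `Preferences` file uses the keys `homepage`, `session.startup_urls`, `default_search_provider_data` and `extensions.settings`; the sample profile, baseline and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

def host(url):
    """Return the lowercase hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def audit_profile(prefs, baseline):
    """Compare a parsed Preferences dict with the user's expected settings."""
    findings = []
    # Check 1: the home page and startup pages are what the user set.
    pages = [prefs.get("homepage", "")]
    pages += prefs.get("session", {}).get("startup_urls", [])
    for url in pages:
        if url and host(url) not in baseline["home_hosts"]:
            findings.append(f"unexpected home/startup page: {url}")
    # Check 3: the default search engine is the one the user chose.
    tmpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search = tmpl.get("url", "")
    if search and host(search) not in baseline["search_hosts"]:
        findings.append(f"unexpected search engine: {search}")
    # Check 4: only extensions the user installed are present.
    for ext_id, meta in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in baseline["extension_ids"]:
            name = meta.get("manifest", {}).get("name", "?")
            findings.append(f"unknown extension: {ext_id} ({name})")
    return findings

# Constructed sample profile: every host, ID and name is a placeholder.
SAMPLE_PREFS = json.loads("""{
  "homepage": "http://search.example.net/?src=hp",
  "session": {"startup_urls": ["https://intranet.example.org/"]},
  "default_search_provider_data": {"template_url_data":
      {"url": "http://search.example.net/q?term={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Known Blocker"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Unknown Toolbar"}}}}
}""")

BASELINE = {  # what the user says they configured (constructed)
    "home_hosts": {"intranet.example.org"},
    "search_hosts": {"www.example.com"},
    "extension_ids": {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
}

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PREFS, BASELINE):
        print(finding)
```

Whether the settings can still be modified (checks 2 and 3) has to be confirmed by hand in the browser; the script only reports values that differ from the baseline.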

How to remove Fireball from your system[9]

1. Use an adware removal tool

2. Remove unknown add-ons from the browser

3. Restore the browser's default settings

References

1. "FIREBALL – The Chinese Malware of 250 Million Computers Infected". Check Point. June 2017. http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/ (archived 2017-06-02 at https://web.archive.org/web/20170607155331/http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/). Accessed 2017-06-02.
2. Leyden, John. "Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide". The Register. 2 June 2017. https://www.theregister.co.uk/2017/06/02/fireball_adware_menace/ (archived 2017-06-02 at https://web.archive.org/web/20170607154831/https://www.theregister.co.uk/2017/06/02/fireball_adware_menace/). Accessed 2017-06-02.
3. Morris, David. "Hack Brief: Dangerous 'Fireball' Adware Infects a Quarter Billion PCs". Fortune. 3 June 2017. http://fortune.com/2017/06/03/chinese-fireball-malware-infection/ (archived 2017-06-08 at https://web.archive.org/web/20170608101653/http://fortune.com/2017/06/03/chinese-fireball-malware-infection/). Accessed 2017-06-08.
4. Greenberg, Andy. "Hack Brief: Dangerous 'Fireball' Adware Infects a Quarter Billion PCs". Wired. 2 June 2017. https://www.wired.com/2017/06/hack-brief-dangerous-fireball-adware-infects-quarter-billion-pcs/ (archived 2017-06-08 at https://web.archive.org/web/20170608100527/https://www.wired.com/2017/06/hack-brief-dangerous-fireball-adware-infects-quarter-billion-pcs/). Accessed 2017-06-08.
5. Loeb, Larry. "Fireball Malware Explodes Around the World". Security Intelligence. 5 June 2017. https://securityintelligence.com/news/fireball-malware-explodes-around-the-world/ (archived 2017-06-08 at https://web.archive.org/web/20170608103148/https://securityintelligence.com/news/fireball-malware-explodes-around-the-world/). Accessed 2017-06-08.
6. "Fireball Malware: Ticking Time Bomb or All Hot Air?". Security Intelligence. https://securityintelligence.com/news/fireball-malware-ticking-time-bomb-or-all-hot-air/. Accessed 2017-07-01.
7. "Fireball Malware Infects 250 Million Computers | SecurityWeek.Com". www.securityweek.com. http://www.securityweek.com/fireball-malware-infects-250-million-computers. Accessed 2017-07-01.
8. "Fireball Malware Explodes Around the World". Security Intelligence. https://securityintelligence.com/news/fireball-malware-explodes-around-the-world/. Accessed 2017-07-01.
9. "FIREBALL - The Chinese Malware of 250 Million Computers Infected". Check Point Blog. 2017-06-01. http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/. Accessed 2017-07-01.
