BUSINESS TECHNOLOGY MEDIA FOR AFRICA

First WannaCry, now Fireball

First WannaCry, now Fireball
Christopher Tredger
By Christopher Tredger, Portals editor
05 Jun 2017

Threat intelligence and research teams from cyber security firm Check Point recently discovered a high volume Chinese threat operation behind an installed malware called Fireball which is said to have infected over 250 million computers worldwide – and 20% of corporate networks.

According to the cyber security company Fireball can run any code on victim computers and download any file or malware; as well as hijack and manipulate infected users' web-traffic to generate ad-revenue.

Fireball is said to spread mostly via bundling or installed on victim machines alongside a wanted program, often without the user's consent. "It takes over target browsers, turning them into zombies," reads a statement issued by Check Point.

The company estimates that 38.43% of the corporate networks in South Africa has at least 1 infected machine in their network.

Infection rates across other African countries: Angola - 73.08%; Nigeria - 59.02%; Uganda - 57.89%; Kenya - 51.56%.

Recommended

"Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware," the company says.

"This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home-pages into fake search engines which simply redirect the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users' private information. Fireball can also spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, thus creating a massive security flaw in targeted machines and networks," Check Point continues.

The cyber security firm has confirmed that there are no parallels that can be drawn between Fireball and WannaCry, but the research does show a general increase in malware.

Share

Read more
ITWeb proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website, www.presscouncil.org.za or email the complaint to enquiries@ombudsman.org.za. Contact the Press Council on 011 484 3612.
Copyright @ 1996 - 2025 ITWeb Limited. All rights reserved.