Thursday, 9 December, 2021

Subscribe to Newsletter

  Knowledge Center

Could Fireball Malware Become the Next Mirai?

Published Jun 6, 2017

This month, researchers uncovered a malware strain believed to have infected more than 250 million computers globally. It is further believed that this malware is present on 20 percent of corporate networks.

Dubbed “Fireball,” the massive malware infection originated in China and has caused disastrous outbreaks in Brazil, India and Mexico. There’s the potential for Fireball to become more calamitous.

Security firm Check Point, which found Fireball, called it “possibly the largest infection operation in history.”

“…Fireball, takes over target browsers and turns them into zombies,” Check Point wrote. “Fireball has two main functionalities: the ability of running any code on victim computers – downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”

Potential Devastation

What’s more startling, is that Fireball has the ability to execute commands remotely, including downloading further malicious software. This means threat actors could theoretically use the more than 250 million infected machines to launch a colossal and destructive botnet, that could rival Mirai.

The Mirai malware is blamed for the DDoS attack against DNS provider Dyn that knocked many of the web’s biggest sites offline last year; the 600-plus Gbps attack against Krebsonsecurity; and the attack against service provider OVH.

Attackers used the Mirai malware to take control of unsecured Internet of Things (IoT) devices, namely web-enabled cameras, to build botnets. This gave rise to the DDoS of Things and heralded a new era of DDoS attacks, which for the first time, exceeded the 1 Tbps threshold.

While Fireball itself isn’t a DDoS attack, an attacker could weaponize the compromised machines and use them to build a botnet that rises to the level of Mirai, especially considering infected PCs are far more powerful than hijacked webcams.

Maya Horowitz, threat intelligence group manager at Check Point, told Dark Reading that Fireball has the potential to be leveraged for a Mirai-style wave of gigantic DDoS attacks.

"In [Fireball's] case, each infected machine was its own, and someday all these machines could get the command to do something," Horowitz told Dark Reading. "Any risk you can think of; any code can run on these machines."

Fight Fire with Fire

The DDoS of Things is powering bigger, smarter and more devastating multi-vector attacks than ever imagined.

Fireball’s potential to become the next Mirai, or something worse, reinforces the need for protection from the DDoS of Things and IoT-fueled DDoS attacks.

DDoS attacks are damaging. Along with service disruption, they can have a lasting impact that harms your brand reputation, your revenue and your user experience. You need to fight back. If Fireball reaches Mirai status, you need a weapon against volumetric, multi-vector DDoS attacks. You need major firepower to stand up to the DDoS of Things.

Rate This:

Posted by VMD - [Virtual Marketing Department]

What is your favourite search engine?

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks