On June 4, 2017, ANP was prompted to publish an article detailing some very strange computer problems that have been noted across the Internet, coincidentally increasing in frequency after the massive cyber attack dubbed the "world's biggest" back in April, in which hackers used the recently released NSA hacking tools in a global cyber attack.
In that ANP article we asked "Have You Been Hacked?"
We now know that over 250 million people can answer that question with a big, fat YES, thanks to a couple of our eagle-eyed readers. Only some aren't aware that their computers have been turned into "zombies," as a massive worldwide malware attack called "Fireball" has already taken over 250 million browsers, with 20 percent of those affected being corporate networks. Cyber experts state that this malware technology, which originated in China, could "initiate global catastrophe."
That is the bad news; the worse news is that the infection rate is growing.
WHAT CAN 'FIREBALL' DO?
Via Check Point, a tech company that has been protecting computers from threats since 1993, according to WND: "Fireball takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers–downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware."
According to that same report, "Fireball" also has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines.
Fortune Magazine offers one of the best examples of how much damage this can do:
Many botnets much smaller than Fireball’s collection of 250 million compromised machines have been involved in major DDoS (for "distributed denial of service"), spam, or other campaigns. The Mirai botnet that knocked out Internet service for millions of people last December was estimated to have included as few as 120,000 devices—and those were mostly connected cameras and routers with far less power than the PCs targeted by Fireball.
Those attacks used average everyday devices connected to the Internet, effectively turning them into "bots" to be used maliciously in the "largest ever DDoS" attack. Only 120,000 devices were used, and "Fireball" already has the ability to control 250 million.
Also remember the October 2016 Internet outages, which started on the East Coast and then, throughout the day, hit the West Coast in waves of "botnet" attacks, once again using devices such as webcams, DVRs, routers, etc.
Wired reported at the time: "Once infected, those Internet-connected devices become part of a botnet army, driving malicious traffic toward a given target," which in that case was Dyn, an Internet infrastructure company, where "traffic to Dyn's Internet directory servers throughout the US—primarily on the East Coast but later on the opposite end of the country as well—was stopped by a flood of malicious requests from tens of millions of IP addresses disrupting the system."
(Image above: Fireball global infection rates; darker pink = more infections)
WHO IS INFECTED?
While the U.S. does not top the list of countries with the highest infections, there are at least 5.5 million U.S. computers infected already. The map above shows the locations, but it is the data itself that leads Check Point to offer an analogy to describe the severity of this issue, saying "Try to imagine a pesticide armed with a nuclear bomb."
The scope of the malware distribution is alarming. According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).
Based on Check Point’s global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.
Check Point also offers methods to determine if your machine is infected and to remove the infection if your system has been compromised, highlighting methods for PCs and Macs, and explains how to check your plug-ins to make sure none have been added that you did not download yourself and how to remove any malicious extensions or plug-ins from your browser.
The first thing Check Point recommends in order to determine if your machine has been infected is: "To check if you’re infected, first open your web browser. Was your home-page set by you? Are you able to modify it? Are you familiar with your default search engine and can modify that as well? Do you remember installing all of your browser extensions?"
If, after checking those points, you answered "No" to any of them, it is a sign of infection, whether by "Fireball" or another browser hijacker.
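The same questions can be asked of the browser profile itself. The following is an added example, not from ANP or Check Point: it compares a Chrome-style Preferences file against the settings the user knows they chose and reports anything unexpected. The key layout (`homepage`, `session.startup_urls`, `default_search_provider_data`, `extensions.settings`), the sample profile and the baseline are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample, shaped like a Chrome "Preferences" JSON file (assumed layout).
SAMPLE_PREFS = json.loads("""{
  "homepage": "http://search.hijack-example.test/?src=hp",
  "session": {"startup_urls": ["http://search.hijack-example.test/"]},
  "default_search_provider_data": {"template_url_data": {
      "url": "http://search.hijack-example.test/q?s={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Password Manager"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Deals Helper"}}}}
}""")

# Hypothetical baseline: what the user remembers choosing or installing.
BASELINE = {
    "homepage_hosts": {"www.example.org"},
    "search_hosts": {"www.example.org"},
    "extension_ids": {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
}

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_profile(prefs, baseline):
    """Return (kind, detail) findings for settings the user did not choose."""
    findings = []
    # "Was your home-page set by you?" covers the homepage and startup pages.
    pages = [prefs.get("homepage", "")] + prefs.get("session", {}).get("startup_urls", [])
    for h in sorted({host(u) for u in pages if u} - baseline["homepage_hosts"]):
        findings.append(("homepage", h))
    # "Are you familiar with your default search engine?"
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search.get("url") and host(search["url"]) not in baseline["search_hosts"]:
        findings.append(("search", host(search["url"])))
    # "Do you remember installing all of your browser extensions?"
    for ext_id, info in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in baseline["extension_ids"]:
            name = info.get("manifest", {}).get("name", "<unnamed>")
            findings.append(("extension", f"{ext_id} ({name})"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_profile(SAMPLE_PREFS, BASELINE):
        print(f"UNEXPECTED {kind}: {detail}")
```

An empty result means the profile matches the baseline; it does not replace the malware and adware scan.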
PC: Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel. Mac users: Use the Finder to locate the Applications. Drag the suspicious file to the Trash. Empty the Trash.
Because the infection may not always be found with those methods, they recommend performing both a malware and an adware scan.
They also offer an important warning:
It’s important to remember that when a user installs freeware, additional malware isn’t necessarily dropped at the same time. If you download a suspicious freeware and nothing happens on the spot, it doesn’t necessarily mean that something isn’t happening behind the scenes.
Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors.
As with everything in the internet, remember that there are no free lunches. When you download freeware, or use cost-free services (streaming and downloads, for example), the service provider is making profit somehow. If it’s not from you or from advertisements, it will come from somewhere else.
We recommend reading the entire article at Check Point to understand how computers are being infected: if you are not already infected, you will know what to be on the lookout for, and if you are, how to remove it. The article also gives detailed instructions on how to remove malicious add-ons, extensions or plug-ins from your browser, for those using Chrome, Mozilla, Safari and Internet Explorer.
At the bottom of their article they also provide an extensive list of what they call "indicators of compromise" which are website addresses which can apparently infect your machine.