Fireball Malware: Microsoft vs. Check Point Software Claims

Microsoft has disputed claims from Israeli cybersecurity solutions company Check Point Software about the magnitude of Fireball, malware that takes over target browsers and turns them into zombies.

Earlier this month, Check Point reported Fireball had infected more than 250 million computers worldwide – 20 percent of all corporate networks. The company also indicated most Fireball infections took place in the United States, Brazil, China, India and Indonesia.

Although Fireball malware is a threat to global organizations, the magnitude of its reach has been "overblown," Microsoft this week said in a blog.

"Check Point estimated the size of the Fireball malware based on the number of visits to the search pages, and not through collection of endpoint device data," Microsoft noted. "Using this technique of site visits to estimate the volume of infected machines can be tricky."

Microsoft has been tracking Fireball since 2015, the company stated, and regularly updates its software to protect against Fireball and other cyber threats.

"Windows users are protected from this group of threats through Windows Defender Antivirus and Microsoft Malicious Software Removal Tool (MSRT)," Microsoft indicated. "As another layer of protection, Windows 10 S only allows apps that come from the Windows Store to run. None of these malware and unwanted software is present in the store; therefore, Windows 10 S users are further protected from this threat group."

What Is Fireball?

Fireball malware infections occur due to software bundling, according to Microsoft.

The malware is installed with "clean" programs that users download through their browser, Microsoft stated, and uses these programs to load malicious code and evade behavior-based detection.

Furthermore, Microsoft noted Fireball has been shown to:

  • Hijack browser search and home page settings.
  • Monetize via advertising.
  • Persist on an infected machine.

To prevent, detect and recover from a Fireball infection, Microsoft offered the following recommendations:

  • Leverage security solutions to detect and remove all components associated with malware.
  • Keep all Windows operating system and antivirus software up to date.
  • With Windows Defender Antivirus, review the exclusion settings to see if Fireball added entries; in this scenario, an end user should remove excluded items immediately.
  • Utilize Microsoft Security Essentials and Windows Defender for Windows 10 to set up and activate real-time protection, cloud-based protection or automatic sample submission security settings.
  • Reset to Microsoft recommended security defaults.
  • Use Windows Defender Advanced Threat Protection to receive alerts about any suspicious activities.
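The exclusion review and protection-setting checks recommended above can be scripted with the Defender PowerShell cmdlets. The following read-only audit is an added example, not code from Microsoft or from the original article; the three-day signature age threshold is an assumption.

```powershell
# Added example: read-only audit of Windows Defender Antivirus settings.
# Run from an elevated PowerShell session; exclusions can be hidden from non-admins.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# 1. List every configured exclusion so each entry can be compared with what
#    administrators intentionally set. Unexpected entries deserve investigation.
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Type = $kind; Value = $value } }
    }
}

if ($exclusions) {
    Write-Warning 'Defender exclusions are configured. Confirm each one was added on purpose:'
    $exclusions | Format-Table -AutoSize | Out-Host
} else {
    Write-Output 'No Defender exclusions are configured.'
}

# 2. Check the protection settings named in the recommendations.
$maxSignatureAgeDays = 3   # assumed threshold, adjust to local policy
$checks = @(
    [pscustomobject]@{
        Setting = 'Real-time protection'
        Ok      = ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
    }
    [pscustomobject]@{
        Setting = 'Cloud-based protection (MAPS)'
        Ok      = ($pref.MAPSReporting -ne 0)            # 0 = disabled
    }
    [pscustomobject]@{
        Setting = 'Automatic sample submission'
        Ok      = ($pref.SubmitSamplesConsent -in 1, 3)  # 1 = safe samples, 3 = all samples
    }
    [pscustomobject]@{
        Setting = "Signatures no older than $maxSignatureAgeDays days"
        Ok      = ($status.AntivirusSignatureAge -le $maxSignatureAgeDays)
    }
)
$checks | Format-Table -AutoSize | Out-Host

# 3. After confirming an entry is not legitimate, remove it explicitly, e.g.:
#    Remove-MpPreference -ExclusionPath '<path reported above>'
```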

Fireball continues to evolve, Microsoft indicated.

As such, Microsoft will continue to track and monitor Fireball threats to safeguard end users, the company said in a prepared statement.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.