It enters a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting certain websites. Fireball, which arrives in a bundled component equipped with malware/grayware packages, has an autostart technique with a scheduled task that executes every hour. It's also capable of making endpoints send and receive information from potentially unsafe websites.
According to reports, Fireball was discovered using its code to generate ad-revenue by redirecting a user’s browser to websites that mimic the homepage of legitimate search engines. While this behavior is not inherently malicious, a closer look at its capabilities shows it can also be used to remotely run any code or download additional files on a machine where it is installed.
Does Fireball present a risk right now?
Currently, Fireball is not considered malicious—yet. The danger it could pose to affected endpoints would depend on the type of files it downloads. The risk it can pose to affected endpoints and users could range from exposure of system and user information to more serious threats like malware.
What can be done?
The risk of systems getting infected by Fireball can be avoided by taking extra caution when agreeing to install software with optional installs. PUAs in general do not explicitly and completely state their purpose, and an unexpected impact on security and/or privacy is always possible. Avoiding suspicious pop-up or banner advertisements and untrusted websites, and being wary of attachments in emails received from untrusted sources, are best security practices.
If it is already installed on the system, manually remove or uninstall it and then reset the internet browser settings.
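To help locate the hourly autostart task described above before removal, the following added example (not Trend Micro's code) lists scheduled tasks whose trigger repeats every 60 minutes, reading Task Scheduler XML such as `schtasks /query /xml` produces. The task names and paths in the sample are constructed, and because the article does not name Fireball's task, the output is a list to review, not a Fireball detection.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

def task_xml(trigger, command):
    """Build a minimal task definition (used only for the constructed sample)."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers>{trigger}</Triggers>'
            f'<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>')

# Constructed sample input: names and paths are placeholders, not real indicators.
SAMPLE_TASKS = {
    "ExampleHourlyUpdater": task_xml(
        "<TimeTrigger><Repetition><Interval>PT1H</Interval></Repetition></TimeTrigger>",
        r"C:\ProgramData\example\helper.exe"),
    "ExampleDailyBackup": task_xml(
        "<CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval>"
        "</ScheduleByDay></CalendarTrigger>",
        r"C:\Windows\System32\example-backup.exe"),
    "ExampleSixtyMinute": task_xml(
        "<LogonTrigger><Repetition><Interval>PT60M</Interval></Repetition></LogonTrigger>",
        r"C:\Users\Public\example\agent.exe"),
}

def interval_minutes(duration):
    """Convert an ISO 8601 duration (PT1H, PT60M, P1D) to minutes, or None."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?",
                     duration.strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 1440 + hours * 60 + minutes + seconds / 60

def hourly_tasks(tasks):
    """Return (task name, commands) for every task with a 60-minute repetition."""
    findings = []
    for name, xml_text in tasks.items():
        root = ET.fromstring(xml_text)
        # Any trigger type (time, logon, boot, ...) can carry a Repetition element.
        intervals = [interval_minutes(e.text or "")
                     for e in root.findall("t:Triggers/*/t:Repetition/t:Interval", NS)]
        if 60 in intervals:
            commands = [e.text for e in root.findall("t:Actions/t:Exec/t:Command", NS)]
            findings.append((name, commands))
    return findings

if __name__ == "__main__":
    for name, commands in hourly_tasks(SAMPLE_TASKS):
        print(f"review: {name} -> {', '.join(commands)}")
```
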
Trend Micro™ OfficeScan™ infuses high-fidelity machine learning into a blend of threat protection techniques to eliminate security gaps across any user activity and any endpoint. It constantly learns, adapts, and automatically shares threat intelligence across your environment. This blend of threat protection is delivered via an architecture that uses endpoint resources more effectively and ultimately out-performs the competition on CPU and network utilization.