Fireball: What It Is, What It Does, and How to Defend Against It

The adware known as Fireball (detected by Trend Micro as PUA_RAFOTECH) has been making waves after reportedly infecting over 250 million computers worldwide, roughly 20 percent of them on corporate networks. Data from the Trend Micro Smart Protection Network has detected Fireball in numerous countries, including Australia, France, India, New Zealand, Turkey, Vietnam, and South Africa. Here’s what users and enterprises need to know about this potential threat and what can be done to protect systems against it.

What does Fireball do?

Fireball enters a system as a file dropped by other malware or as a file unknowingly downloaded by users visiting certain websites. It arrives as a bundled component alongside other malware or grayware packages and persists through a scheduled task that runs it every hour. It is also capable of making endpoints send information to, and receive information from, potentially unsafe websites.

According to reports, Fireball generates ad revenue by redirecting the user’s browser to websites that mimic the homepage of legitimate search engines. While this behavior is not inherently malicious, a closer look at its capabilities shows it can also be used to remotely run arbitrary code or download additional files on a machine where it is installed.

Does Fireball present a risk right now?

Fireball is not currently classified as malicious. The danger it poses to affected endpoints depends on what it downloads, which could range from exposure of system and user information to the delivery of outright malware.

What can be done?

Infections can be avoided by taking extra care when agreeing to install software that comes with optional components. PUAs in general do not explicitly and completely state their purpose, so an unexpected impact on security or privacy is always possible. Avoiding suspicious pop-up or banner advertisements and untrusted websites, and being wary of attachments in email from untrusted sources, remain security best practices.

If Fireball is already installed on the system, manually remove or uninstall it, then reset the browser settings it may have altered, such as the homepage.

Trend Micro™ OfficeScan™ infuses high-fidelity machine learning into a blend of threat protection techniques to eliminate security gaps across any user activity and any endpoint. It constantly learns, adapts, and automatically shares threat intelligence across your environment. This blend of threat protection is delivered via an architecture that uses endpoint resources more effectively and ultimately out-performs the competition on CPU and network utilization.

Trend Micro Maximum Security is a complete, multi-device protection against viruses, ransomware, dangerous websites, and identity thieves.
