Fireball
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 14,665 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 647 |
| First Seen: | August 16, 2017 |
| Last Seen: | September 18, 2023 |
| OS(es) Affected: | Windows |
Fireball is an adware infection that has managed to infect more than 250 million computers around the world. This is an enormous number, a quarter of a billion computers! Fireball is designed to display pop-ups on the victim's computers. Today, PC security researchers estimate that one in five networks around the world has been infected with Fireball. It is especially distressing when one considers that Fireball has the potential to lead to serious threat infections. Malware analysts warn of the possibility of a severe threat epidemic as a result of a large number of computers already made vulnerable by Fireball.
Table of Contents
Why The Con Artists Created Fireball?
Like most adware, Fireball is designed to hijack the victim's Web browser, changing its default search engine and tracking the victim's online activity. Fireball is linked to a digital marketing company based in Beijing that goes by the name Rafotech. One worrying aspect of Fireball is that it has the possibility of running corrupted code on the victim's computer or to allow the download of more threats onto the victim's computer. This means that Fireball has the potential to be quite a serious infection, despite the fact that it is currently being distributed as something much less serious. Fireball has the capacity to install a backdoor, which may be exploited to carry out devastating threat attacks.
The Potential Danger of Fireball
Some of the hundreds of millions of computers affected by Fireball were infected by a technique known as bundling. This involves including the installation of Fireball along with other software, especially free software downloaded from the Web. Some free programs that have been linked to the Fireball distribution include the Soso Desktop and the FVP Image Viewer. These two programs, however, are not popular in the United States or Europe particularly. Because of this, it is likely that Fireball also is being delivered using other techniques, which may include exploit kits or email attacks. The number of Fireball infections worldwide has been estimated by analyzing the domains that have been associated with Fireball redirects and connections, which may be low-quality search engines that load results from Google and Yahoo while monetizing the victim's Web traffic and delivering advertisements. Because of the use of Google and Yahoo search results being included in Fireball attacks, it is possible that these companies may be profiting from Fireball indirectly, but it is still uncertain if there is any connection with this adware scheme.
The Victims of Fireball may be Far More than We Know
By looking at traffic statistics for search engines associated with Fireball, PC security researchers have estimated that a quarter of a billion computers around the world have been compromised with Fireball. However, since not all domains associated with Fireball have been identified, it is possible that this number is still lower than the real figure. Rafotech, Fireball's developer, claims on its website that they have reached more than 300 millions of computer users. The countries that are most affected by Fireball are Brazil and India, with about 25 million of infected computers in each one of them. Infections in the United States only account for a small fraction of the Fireball attacks currently, at about 5.5 million affected computers.
Preventing Fireball Infections and Dealing with Fireball
It is unknown how unsafe Fireball is currently. While it carries out a typical adware tactic, displaying ads on affected computers and interfering with the victim's computer when browsing the Web, this is still a low-level infection. However, the extent of Fireball's reach and the fact that there is a backdoor component to Fireball makes the danger and epidemic potential of Fireball quite scary. Because of this, these attacks should be responded immediately. Use a trusted security program that is fully up-to-date and to scan your computer regularly.
