Cylance vs. Fireball Malware

Background

Fireball is malware that has reportedly spread to more than 250 million computers worldwide. Although it masquerades as simple adware, it does considerably more than that. It has been examined by many security organizations, and the samples those analyses describe are linked to one another by several shared indicators of compromise (IoCs).

Our Threat Guidance team researched Fireball and wrote up the technical details about how it works – it’s worth reading.

While the bundled payloads vary greatly, the impact is the same: Fireball installs silently, includes persistent browser hijacking capabilities, and is extremely difficult to remove.


Why Should I Be Concerned About Adware?

While traditional adware is relatively benign and usually easy to remove, more malicious examples like Fireball are becoming more prevalent. Fireball is almost always found bundled with other software, and bundled in such a way that a typical user would not notice it; that is the “hidden” aspect.

We have come across a few major bundles, each carrying various other adware programs such as QQBrowser, the aMule P2P client, BiksQRSS and an RSS client, and the list goes on.

This bundled adware, however, is not what the user should be worried about as a malware threat: most of it is common, easy to remove, and not classifiable as malware.

Why is This an Important Issue?

The real issue is the set of browser hijackers installed by this bundle. Each is delivered as a DLL registered to run as a Windows service; these payloads all set up common persistence mechanisms and even clean up after themselves.

These services contain Fireball’s browser hijacking functionality. They do what a hijacker typically does: change your home page or redirect your browser traffic to locations of the author’s choosing, in order to generate advertising revenue for the malware author. This is not
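The two behaviours described above, a hijacker delivered as a service-hosted DLL and a rewritten browser start page, are both cheap to hunt for on a single host. The PowerShell script below is an added example written for this page; it is not Cylance’s code and it carries no Fireball-specific indicators. It walks every service key for a `Parameters\ServiceDll` value (the pattern svchost-hosted services use), flags DLLs that live outside `%SystemRoot%` or lack a valid Authenticode signature, and then prints the home/start page settings of Internet Explorer, Chrome and Firefox so an analyst can spot an unexpected domain. The filter thresholds (location under `%SystemRoot%`, signature status `Valid`) and the browser profile paths are assumptions chosen for triage, not a definition of malicious; a hijacker can drop a signed DLL into `System32`, so treat the output as a short list to review, not a verdict.

```powershell
# Added example, not from the original post: triage service-hosted DLLs and
# browser start pages for hijacker-style persistence. Run elevated (PowerShell 5.1+).
# Thresholds below are triage heuristics (assumptions), not Fireball IoCs.

$windir = $env:SystemRoot

function Get-SuspiciousServiceDll {
    # svchost-hosted services keep their DLL in Parameters\ServiceDll.
    # Flag DLLs outside %SystemRoot% or without a valid Authenticode signature.
    $results = @()
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $params = Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue
        if (-not $params) { continue }

        # Values are REG_EXPAND_SZ; expand %SystemRoot%-style variables before testing.
        $dll = [Environment]::ExpandEnvironmentVariables([string]$params.ServiceDll)
        $svcProps = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue

        $inWindir = $dll.StartsWith($windir, [StringComparison]::OrdinalIgnoreCase)
        $sig = if (Test-Path -LiteralPath $dll) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'   # a service pointing at a deleted DLL is itself worth a look
        }

        $reasons = @()
        if (-not $inWindir)   { $reasons += 'outside SystemRoot' }
        if ($sig -ne 'Valid') { $reasons += "signature=$sig" }

        if ($reasons.Count -gt 0) {
            $results += [pscustomobject]@{
                Service     = $svc.PSChildName
                DisplayName = $svcProps.DisplayName
                ServiceDll  = $dll
                StartType   = $svcProps.Start   # 2 = Automatic, 3 = Manual, 4 = Disabled
                ImagePath   = $svcProps.ImagePath
                Why         = ($reasons -join '; ')
            }
        }
    }
    return $results
}

function Get-BrowserStartPages {
    # Home/start pages a hijacker rewrites: IE in the registry, Chrome in a JSON
    # preferences file, Firefox in prefs.js. Profile paths are the default locations
    # (assumed); adjust for non-default profiles.
    $pages = @()

    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ie) {
        $pages += [pscustomobject]@{ Browser = 'IE'; Setting = 'Start Page'; Value = $ie.'Start Page' }
    }

    $chromePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
    if (Test-Path -LiteralPath $chromePrefs) {
        $p = Get-Content -LiteralPath $chromePrefs -Raw | ConvertFrom-Json
        $pages += [pscustomobject]@{ Browser = 'Chrome'; Setting = 'homepage'; Value = $p.homepage }
        $pages += [pscustomobject]@{ Browser = 'Chrome'; Setting = 'session.startup_urls'; Value = ($p.session.startup_urls -join ' ') }
    }

    $ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    $prefsFiles = Get-ChildItem -Path $ffProfiles -Recurse -Filter prefs.js -ErrorAction SilentlyContinue
    foreach ($prefs in $prefsFiles) {
        foreach ($hit in Select-String -LiteralPath $prefs.FullName -Pattern 'browser\.startup\.homepage') {
            $pages += [pscustomobject]@{ Browser = 'Firefox'; Setting = $prefs.Directory.Name; Value = $hit.Line.Trim() }
        }
    }
    return $pages
}

Write-Host '== Service-hosted DLLs outside SystemRoot or without a valid signature =='
Get-SuspiciousServiceDll | Format-Table -AutoSize

Write-Host '== Browser start/home pages (review for unexpected domains) =='
Get-BrowserStartPages | Format-Table -AutoSize
```

Anything listed by the first table deserves the usual follow-up: hash the DLL, check when the service key was created, and look at what the ImagePath actually launches. The second table is only useful against a known-good baseline, since a corporate start page or a user’s own choice will show up there too.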

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog