250M devices infected with Fireball is ‘overblown’
Some security researchers say Fireball hit more than 250 million computers. Microsoft is arguing it’s more like 5 million.
Researchers are warning that a virus has spread like wildfire, but Microsoft argues it’s a lot of smoke and mirrors.
Earlier this month, security company Check Point said it discovered a Chinese operation that infected more than 250 million computers with Fireball, which can take over your computer’s browser. Fireball spread through software bundling, by hiding downloads from questionable sources, like pirated games or movies.
At that infection rate, it easily overshadowed the WannaCry ransomware, which hit about 200,000 devices at the height of the ransomware’s spread last month.
While Fireball has the capability to hijack your browser and download more malware, the attackers had primarily been using it to redirect traffic from infected victims to certain websites where they could rake in ad revenue. The scheme, which Check Point said was run by a marketing agency in Beijing called Rafotech, would change a browser’s default search engine and homepage to a fake page.
In a screenshot captured by Microsoft, one of the fake pages looked like a Google ripoff and featured a search engine called Trotux. Other fake search engines included HohoSearch, WalaSearch and StartPageing123.
Check Point described Fireball as a massive malware breach, but Microsoft disagrees.
Microsoft on Thursday released research showing it had been following Fireball since 2015, and hadn’t seen it infect more than 5 million devices.
“While the threat is real, the reported magnitude of its reach might have been overblown,” Hamish O’Dea, from Windows Defender research team, said.
Microsoft claimed that Check Point tracked the number of visits to the fake pages to get the “250 million infected” instead of looking at how many devices were actually hit with Fireball. Not every device that visits these bogus search engines might actually be infected, Microsoft said.
The Windows Defender gathered data on more than 500 million devices. Of the 5 million Fireball infections it spotted, the greatest number occurred in Brazil and India.
Microsoft has asked to get a closer look at Check Point’s data, and the security company said it is cooperating.
“We tried to reassess the number of infections, and from recent data we know for sure that numbers are at least 40 million, but could be much more,” Maya Horowitz, Check Point’s threat intelligence group manager, said in a statement.
By Alfred Ng