Categories: Security

Fireball Browser Hijack Impact Revised After Microsoft Analysis

On June 1, security firm Check Point reported that a browser hijacking operation called “Fireball” had already claimed 250 million victims. According to a Microsoft analysis published June 22, Check Point’s estimate of the number of victims was “overblown” and the attack is not nearly as widespread as initially reported.

The Fireball attack is a browser hijacking that is potentially able to download malware onto victims’ systems, as well as manipulate pageviews and redirect search requests. Check Point’s initial analysis claimed that Fireball was being bundled as part of free software downloads to unsuspecting users.

“Indeed, we have been working with Microsoft on their analysis, feeding them with some additional data,” Maya Horowitz, group manager of threat intelligence at Check Point, said in a statement sent to eWEEK. “We tried to reassess the number of infections, and from recent data we know for sure that numbers are at least 40 million, but could be much more.”

Microsoft claimed in its analysis that it has been aware of the Fireball issue since 2015. In particular, Microsoft’s analysis has found that the most prevalent malware used by Fireball are BrowserModifier:Win32/SupTab and BrowserModifier:Win32/Sasquor. According to Microsoft, its Windows users are protected from those threats by Windows Defender Antivirus and the Microsoft Malicious Software Removal Tool (MSRT).

More light shed

“Check Point used a simple formula to come up with an estimate that was based on incorrect assumptions which provided an overblown number,” a Microsoft spokesperson told eWEEK. “This was confirmed in the follow-up discussions.”

Microsoft’s analysis reports that approximately 11,084,744 Fireball-related infections were detected and removed by Microsoft’s Defender and MSRT security technologies.

“Any sum of these numbers will be an estimate, however, as we can detect the malware on the same machine multiple times over multiple months,” the spokesperson stated. “The sharp and continued drop in reports from MSRT over several months indicates reinfection rates were low.”

Additionally, Microsoft claimed that Microsoft Edge browser users are not impacted at all by Fireball. Microsoft’s spokesperson said that is because the malware does not make changes that affect Edge’s settings. The spokesperson added that the impact to Microsoft’s Internet Explorer (IE) browser is extremely limited because a number of factors must be in place.

Edge is the successor to IE and has benefited from multiple security innovations. It has also benefited from the broader security researcher community that has been contributing bugs to Microsoft as part of a bug bounty program.

On June 21, Microsoft announced that since the Edge bounty effort began in August 2016 it has paid out over $200,000 in rewards to security researchers. The bounties were part of the Edge on Windows Insider Preview (WIP) bounty program that was not originally intended to be a time limited effort, but that is now changing.

“This collaboration with the research community has resulted in significant improvements in Edge security and has allowed us to offer more proactive security for our customers,” Akila Srinivasan, security program manager at the Microsoft Security Response Center, wrote in a blog post. “Keeping in line with our philosophy of protecting customers and proactively partnering with researchers, today we are changing the Edge on Windows Insider Preview (WIP) bounty program from a time bound to a sustained bounty program.”

Originally published on eWeek

Quiz: Test your knowledge on cyber security in 2017

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

12 hours ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

14 hours ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

16 hours ago

Texas Social Media Law Battle Heads To Supreme Court

Battle between Texas and social networking giants reaches US Supreme Court, and it could decide…

17 hours ago

UK Can Legally Launch Cyberattacks Against Hostile Nations, Says AG

Chief legal advisor to government says UK can legally launch cyberattacks against hostile nations, and…

21 hours ago