Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Could Fireball Malware Become the Next Mirai?

June 2017 by Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

This month, researchers uncovered a malware strain believed to have infected
more than 250 million computers globally. It is further believed that this
malware is present on 20 percent of corporate networks.

Dubbed "Fireball," the massive malware infection originated in China and has
caused disastrous outbreaks in Brazil, India and Mexico. There’s the potential
for Fireball to become more calamitous.

Security firm Check Point, which found Fireball, called it
"possibly the largest infection operation in history."

".Fireball, takes over target browsers and turns them into zombies," Check Point
wrote. "Fireball has two main functionalities: the ability of running any code
on victim computers - downloading any file or malware, and hijacking and
manipulating infected users’ web-traffic to generate ad-revenue. Currently,
Fireball installs plug-ins and additional configurations to boost its
advertisements, but just as easily it can turn into a prominent distributor for
any additional malware."

Potential Devastation

What’s more startling, is that Fireball has the ability to execute commands
remotely, including downloading further malicious software. This means threat
actors could theoretically use the more than 250 million infected machines to
launch a colossal and destructive botnet, that could rival
Mirai.

The Mirai malware is blamed for the DDoS attack against DNS provider
Dyn
 that knocked many of the web’s biggest sites
offline last year; the 600-plus Gbps attack against Krebsonsecurity; and the
attack against service provider OVH.

Attackers used the Mirai malware to take control of unsecured Internet of Things
(IoT) devices, namely web-enabled cameras, to build botnets. This gave rise to
the DDoS of Things and
heralded a new era of DDoS attacks, which for the first time, exceeded the 1
Tbps threshold
.

While Fireball itself isn’t a DDoS attack, an attacker could weaponize the
compromised machines and use them to build a botnet that rises to the level of
Mirai, especially considering infected PCs are far more powerful than hijacked
webcams.

Maya Horowitz, threat intelligence group manager at Check Point, told Dark
Reading
that Fireball has the
potential to be leveraged for a Mirai-style wave of gigantic DDoS attacks.

"In [Fireball’s] case, each infected machine was its own, and someday all these
machines could get the command to do something," Horowitz told Dark Reading.
"Any risk you can think of; any code can run on these machines."

Fight Fire with Fire

The DDoS of Things is powering bigger, smarter and more devastating multi-vector
attacks than ever imagined.

Fireball’s potential to become the next Mirai, or something worse, reinforces
the need for protection from the DDoS of Things and IoT-fueled DDoS attacks.

DDoS attacks are damaging. Along with service disruption, they can have a
lasting impact that harms your brand reputation, your revenue and your user
experience. You need to fight back. If Fireball reaches Mirai status, you need a
weapon against volumetric, multi-vector DDoS attacks. You need
major firepower to stand up to the DDoS of Things.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts