Earlier this month, the security firm Check Point reported a high-volume Chinese threat operation that has infected over 250 million computers worldwide and 20% of corporate networks. This malware, known as Fireball, can change the default search engines in web browsers installed on affected PCs, execute any malicious code and more.
The Microsoft Windows Defender Research team today published a detailed report on the “Fireball” cybersecurity threat operation. First of all, Microsoft highlighted that this is not a new threat, contrary to how Check Point reported it. Microsoft cyber security teams have been tracking this threat since 2015. Microsoft also noted that the magnitude of its reach might have been overblown. Check Point used the wrong method to estimate the size of the Fireball malware operation. Check Point’s numbers are based on Alexa traffic to the search pages.
Not every machine that visits one of these sites is infected with malware. The search pages earn revenue regardless of how a user arrives at the page. Some may be loaded by users who are not infected during normal web browsing, for example, via advertisements or domain parking.
The estimates were made by analyzing Alexa ranking data, which are estimates of visitor numbers based on a small percentage of Internet users. Alexa’s estimates are based on normal web browsing. They are not the kind of traffic produced by malware infections, like the Fireball threats, which only target Google Chrome and Mozilla Firefox. The Alexa traffic estimates for the Fireball domains, for example, differ from those of Alexa competitor SimilarWeb.
According to data from the Microsoft Malicious Software Removal Tool (MSRT) on over 500 million machines, fewer than 5 million were infected by the Fireball malware, and Microsoft’s security tools have cleaned them as well.
Microsoft is using Windows Defender Antivirus and the Microsoft Malicious Software Removal Tool to clean the PCs that are already affected and to reduce the threat’s distribution. Also, it is important to note that Microsoft Edge is not affected by the browser hijacking techniques used by Fireball.
To get the latest virus/malware protection from Microsoft, you need to keep your Windows operating system and antivirus up to date.