Could Fireball malware become the next Mirai?

Could Fireball malware become the next Mirai?

Mohammed Al-Moneer, Regional Director, MENA at A10 Networks, asks if Fireball has the potential to become the next Mirari

Article by Mohammed Al-Moneer, Regional Director, MENA at A10 Networks.

This month, researchers uncovered a malware strain believed to have infected more than 250 million computers globally. It is further believed that this malware is present on 20 per cent of corporate networks.

Dubbed ‘Fireball’ the massive malware infection originated in China and has caused disastrous outbreaks in Brazil, India and Mexico. There’s the potential for Fireball to become more calamitous.

Security firm Check Point, which found Fireball, called it “possibly the largest infection operation in history.”
“…Fireball, takes over target browsers and turns them into zombies,” Check Point wrote. “Fireball has two main functionalities: the ability of running any code on victim computers – downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue.

“Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”

What’s more startling, is that Fireball has the ability to execute commands remotely, including downloading further malicious software. This means threat actors could theoretically use the more than 250 million infected machines to launch a colossal and destructive botnet, that could rival Mirai.

The Mirai malware is blamed for the DDoS (Distributed Denial of Service) attack against DNS provider Dyn that knocked many of the web’s biggest sites offline last year; the 600-plus Gbps attack against Krebsonsecurity; and the attack against service provider OVH.

Attackers used the Mirai malware to take control of unsecured Internet of Things (IoT) devices, namely web-enabled cameras, to build botnets. This gave rise to the DDoS of Things and heralded a new era of DDoS attacks, which for the first time, exceeded the 1 Tbps threshold.

While Fireball itself isn’t a DDoS attack, an attacker could weaponise the compromised machines and use them to build a botnet that rises to the level of Mirai, especially considering infected PCs are far more powerful than hijacked webcams.

Maya Horowitz, threat intelligence group manager at Check Point, told Dark Reading that Fireball has the potential to be leveraged for a Mirai-style wave of gigantic DDoS attacks.
“In [Fireball’s] case, each infected machine was its own, and someday all these machines could get the command to do something,” Horowitz told Dark Reading. “Any risk you can think of; any code can run on these machines.”

The DDoS of Things is powering bigger, smarter and more devastating multi-vector attacks than ever imagined.
Fireball’s potential to become the next Mirai, or something worse, reinforces the need for protection from the DDoS of Things and IoT-fueled DDoS attacks.

DDoS attacks are damaging. Along with service disruption, they can have a lasting impact that harms your brand reputation, your revenue and your user experience. You need to fight back. If Fireball reaches Mirai status, you need a weapon against volumetric, multi-vector DDoS attacks. You need major firepower to stand up to the DDoS of Things.

About the author
Mohammed Al-Moneer is Regional Director, MENA at A10 Networks. Mohammed has held various sales leadership positions at networking and other high tech companies. Most recently at Infoblox, he served as regional manager for Saudi Arabia, where he leveraged his success in leading the services business to drive operational efficiencies and innovation and achieve exceptional growth. Prior to that he worked as territory sales manager for enterprise servers, storage and networking at Hewlett-Packard.

Browse our latest issue

Intelligent CISO

View Magazine Archive