Could Fireball malware become the next Mirai?

By Pippa Sanderson   8 June, 2017
Could Fireball malware become the next Mirai?

Mohammed Al-Moneer, Regional Director, MENA at A10 Networks.

Researchers have recently uncovered a malware strain believed to have infected more than 250 million computers globally. It is further believed that this malware is present on 20 per cent of corporate networks.

Dubbed ‘Fireball’, the massive malware infection originated in China and has caused disastrous outbreaks in Brazil, India and Mexico. There’s the potential for Fireball to become more calamitous.

Security firm Check Point, which found Fireball, called it “possibly the largest infection operation in history. . . . Fireball, takes over target browsers and turns them into zombies,” Check Point wrote. “Fireball has two main functionalities: the ability to run any code on victims’ computers, downloading any file or malware; and hijacking and manipulating infected users’ web traffic to generate ad revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements but, just as easily, it can turn into a prominent distributor for any additional malware.”

Potential devastation
What’s more startling is that Fireball has the ability to execute commands remotely, including downloading further malicious software. This means threat actors could theoretically use the more than 250 million infected machines to launch a colossal and destructive botnet that could rival Mirai.

The Mirai malware is blamed for the DDoS attack against DNS provider Dyn that knocked many of the web’s biggest sites offline last year; the 600-plus Gbps attack against Krebsonsecurity; and the attack against service provider OVH.

Attackers used the Mirai malware to take control of unsecured Internet of Things (IoT) devices, namely web-enabled cameras, to build botnets. This gave rise to the DDoS of Things and heralded a new era of DDoS attacks which, for the first time, exceeded the 1 Tbps threshold.

While Fireball itself isn’t a DDoS attack, an attacker could weaponise the compromised machines and use them to build a botnet that rises to the level of Mirai, especially considering infected PCs are far more powerful than hijacked webcams.

Maya Horowitz, Threat Intelligence Group Manager at Check Point, told Dark Reading that Fireball has the potential to be leveraged for a Mirai-style wave of gigantic DDoS attacks.

“In [Fireball’s] case, each infected machine was its own, and someday all these machines could get the command to do something,” Horowitz told Dark Reading. “Any risk you can think of; any code can run on these machines.”

Fight fire with fire
The DDoS of Things is powering bigger, smarter and more devastating multi-vector attacks than ever imagined.
Fireball’s potential to become the next Mirai, or something worse, reinforces the need for protection from the DDoS of Things and IoT-fuelled DDoS attacks.

DDoS attacks are damaging. Along with service disruption, they can have a lasting impact that harms your brand reputation, your revenue and your user experience. You need to fight back. If Fireball reaches Mirai’s status, you need a weapon against volumetric, multi-vector DDoS attacks. You need major firepower to stand up to the DDoS of Things.

With the recent discovery of the potentially calamitous Fireball malware, you need a weapon against volumetric, multi-vector DDoS attacks says Mohammed Al-Moneer, Regional Director, MENA at A10 Networks.

2016 Awards Banner

Latest Whitepapers