Cyber security sleuths have alerted internet users against the destructive activity of a browser-attacking virus- ‘Fireball’- that steals sensitive user data and manipulates regular surfing activity. The malware has been spreading across the globe and possesses over two dozen aliases and spreads by bundling and “without the user’s consent”.
“It has been reported that a malware named as ‘Fireball’ targeting browsers is spreading worldwide. “It has the ability to collect user information, manipulate web-traffic to generate ad-revenue, malware dropping and executing malicious code on the infected machines,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to internet users.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian internet domain. The agency said the malware or the virus can be “detected by majority of the anti-virus solutions” and it has advised internet users to install updated anti-virus solutions to protect their computers from this infection.
It said the virus, ‘Fireball’, “currently installs plug- ins and additional configurations to boost its advertisements but it could be used as distributor for any additional malware in future.”
“It is reported that the malware ‘Fireball’ is used by one of the largest marketing agency to manipulate the victims’ browsers and changes their default search engines and home pages into fake search engines. “It also re-directs the queries to either yahoo.com or Google.com. The fake search engines also collects the users’ private information,” the advisory said.
‘Fireball’, it said, is capable of acting as a browser- hijacker, manipulating web traffic to generate ad-revenue, capable of downloading further malware, capable of executing any malicious code on the victim machine and collects user information and steals credentials from the victim machine.
The CERT-In has also suggested some counter-measures:
“Do not click on banners or pop-up or ads notifications, do not visit untrusted websites and do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users.”
It said a user, in order to exercise caution after logging-in the system, should check for default setting of web browsers, such as homepage, search engine, browser extensions and plug-ins installed, and if something is found unknown, then it should be deleted.