11 arrested in Chinese Fireball malware investigation

But other attackers are still out there…

Beijing police arrest 11 individuals in Fireball malware investigation

Beijing police have arrested 11 people in connection with Fireball, the malware that had infected hundreds of millions of machines as of 2017.

On 3 June 2017, law enforcement in the Haidian district of Beijing received a tip from someone operating under the pseudonym "Zhang Ming." That individual alerted the Beijing Public Security Bureau Network Security Corps to free software that possibly contained the code for Fireball, an updated form of the ELEX adware that is capable not only of hijacking users' browsers but also of running arbitrary code on an infected machine.

The one thing the program needs is for a user to install it in the first place. Its creator, believed to be a Chinese digital marketing agency called Rafotech, achieved that by bundling Fireball with its other products, so users who installed the agency's freeware got the malware along with it.

Figure 1

Beijing's law enforcement officers needed to see this for themselves.

Haidian police ran the suspect freeware in an isolated test environment and observed what it did. According to an English translation of a Sohu article, Fireball duly appeared, confirming that Rafotech had indeed incorporated the malware into its freeware.
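The check the investigators ran, executing a "free" installer in an isolated system to see what it really does, is one any practitioner can reproduce in a throwaway VM. Below is an added Python example (not code from the article, from the investigation, or from Rafotech's software): it snapshots a filesystem tree before and after the suspect installer runs, diffs the two, and filters the result to paths under a watched location such as a browser profile directory. The sample files and the "installer side effects" in `demo()` are constructed for the illustration; the optional listening-port snapshot assumes the third-party `psutil` package is installed.

```python
"""Before/after snapshot diff for vetting a 'free' installer in a sandbox.

Added illustration; not code from the article or the investigation it describes.
Take a snapshot of the directories you care about, run the suspect installer in
a disposable VM, take a second snapshot, and diff the two.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot_dir(root: str) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    root_path = Path(root)
    snap: dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root_path):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # only hash regular files; symlinks/devices are out of scope here
            snap[p.relative_to(root_path).as_posix()] = sha256_file(p)
    return snap


def snapshot_listen_ports() -> set[int]:
    """Ports with a LISTEN socket. Assumes `psutil` is installed (imported lazily)."""
    import psutil  # third-party; assumption, not required for the filesystem demo
    return {c.laddr.port for c in psutil.net_connections(kind="inet")
            if c.status == psutil.CONN_LISTEN}


@dataclass
class SnapshotDiff:
    added: dict[str, str] = field(default_factory=dict)              # path -> new hash
    removed: dict[str, str] = field(default_factory=dict)            # path -> old hash
    modified: dict[str, tuple[str, str]] = field(default_factory=dict)  # path -> (old, new)

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.modified)


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> SnapshotDiff:
    """Classify every path as added, removed, or modified (hash changed)."""
    d = SnapshotDiff()
    for k in after.keys() - before.keys():
        d.added[k] = after[k]
    for k in before.keys() - after.keys():
        d.removed[k] = before[k]
    for k in before.keys() & after.keys():
        if before[k] != after[k]:
            d.modified[k] = (before[k], after[k])
    return d


def changes_under(diff: SnapshotDiff, prefix: str) -> list[str]:
    """Touched paths under a watched prefix, e.g. a browser profile directory."""
    touched = set(diff.added) | set(diff.removed) | set(diff.modified)
    prefix = prefix.rstrip("/")
    return sorted(p for p in touched if p == prefix or p.startswith(prefix + "/"))


def demo() -> SnapshotDiff:
    """Constructed scenario: a clean tree, then side effects a bundled installer
    might leave (a dropped file and a rewritten browser settings file)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "browser_profile").mkdir()
        (root / "app" / "readme.txt").write_text("legit freeware\n")
        (root / "browser_profile" / "prefs.json").write_text('{"search": "original"}\n')
        before = snapshot_dir(tmp)

        # Simulated installer side effects (constructed for the demo, not real Fireball behaviour)
        (root / "browser_profile" / "prefs.json").write_text('{"search": "redirected"}\n')
        (root / "browser_profile" / "extensions").mkdir()
        (root / "browser_profile" / "extensions" / "bundled.js").write_text("// dropped\n")
        after = snapshot_dir(tmp)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    result = demo()
    print("added:   ", sorted(result.added))
    print("removed: ", sorted(result.removed))
    print("modified:", sorted(result.modified))
    print("browser profile touched:", changes_under(result, "browser_profile"))
```

In a real run you would snapshot the whole system drive (and, on Windows, the relevant registry hives and the port list) rather than a temp directory; the diff logic is the same. Anything the installer wrote under a browser profile, or a new listening port, is what to examine first.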

Law enforcement subsequently traced the location of Rafotech and arrested 11 of its employees. Those individuals have since "admitted the facts" pertaining to their software.

As of June 2017, Fireball had infected an estimated 250 million machines worldwide and was present on one in five corporate networks. The malware is believed to have earned its operators 80 million yuan in 2016 alone.

To protect themselves against threats like Fireball, users should think twice before installing freeware. It's rare that anything is truly "free": when a developer gives a program away, there is a good chance they are making money from it somehow, possibly in a way that undermines users' privacy and security.

At the very least, users should download software only from trusted developers through reputable distribution channels, and should not install programs from unknown locations or from people they don't know. The Fireball case also shows the limit of that advice: the bundling was done by the developer itself, so even a known publisher's installer deserves scrutiny for extra components it brings along.



One Response

  1. MikeOh Shark

    July 28, 2017 at 10:57 pm #

    I have used some freeware for many years and never had a problem. Use freeware only from programmers who provide their name and whose software is vetted by the big download sites. Even then, you have to be careful and use programs that monitor changes to the registry, file changes, and changes to open ports.

    Now I use Linux. Most of it is free, but I feel safe.

    "Avoid freeware" may be good advice for some, but I think it's mostly the bloated, high-priced software houses that benefit from this advice.
