Could fireball malware become the next Mirai?

Guest written by Mohammed Al-Moneer, Regional Director, MENA at A10 Networks.

This month, researchers uncovered a malware strain believed to have infected more than 250 million computers globally. It is further believed that this malware is present on 20 percent of corporate networks.

Dubbed “Fireball,” the massive malware infection originated in China and has caused disastrous outbreaks in Brazil, India and Mexico. There’s the potential for Fireball to become more calamitous.

Security firm Check Point, which found Fireball, called it “possibly the largest infection operation in history.”

“…Fireball, takes over target browsers and turns them into zombies,” Check Point wrote. “Fireball has two main functionalities: the ability of running any code on victim computers – downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”

Potential Devastation

What’s more startling, is that Fireball has the ability to execute commands remotely, including downloading further malicious software. This means threat actors could theoretically use the more than 250 million infected machines to launch a colossal and destructive botnet, that could rival Mirai.

The Mirai malware is blamed for the DDoS attack against DNS provider Dyn that knocked many of the web’s biggest sites offline last year; the 600-plus Gbps attack against Krebsonsecurity; and the attack against service provider OVH.

Attackers used the Mirai malware to take control of unsecured Internet of Things (IoT) devices, namely web-enabled cameras, to build botnets. This gave rise to the DDoS of Things and heralded a new era of DDoS attacks, which for the first time, exceeded the 1 Tbps threshold.

While Fireball itself isn’t a DDoS attack, an attacker could weaponize the compromised machines and use them to build a botnet that rises to the level of Mirai, especially considering infected PCs are far more powerful than hijacked webcams.

Maya Horowitz, threat intelligence group manager at Check Point, told Dark Reading that Fireball has the potential to be leveraged for a Mirai-style wave of gigantic DDoS attacks.

“In [Fireball’s] case, each infected machine was its own, and someday all these machines could get the command to do something,” Horowitz told Dark Reading. “Any risk you can think of; any code can run on these machines.”

Fight Fire with Fire

The DDoS of Things is powering bigger, smarter and more devastating multi-vector attacks than ever imagined.

Fireball’s potential to become the next Mirai, or something worse, reinforces the need for protection from the DDoS of Things and IoT-fueled DDoS attacks.

DDoS attacks are damaging. Along with service disruption, they can have a lasting impact that harms your brand reputation, your revenue and your user experience. You need to fight back. If Fireball reaches Mirai status, you need a weapon against volumetric, multi-vector DDoS attacks. You need major firepower to stand up to the DDoS of Things.