MICROSOFT HAS CALLED BS on Check Point's claims that Chinese malware, dubbed 'Fireball', has infected 250 million PCs.
Check Point made these claims earlier this month, saying that Fireball - which it says comes out of Rafotech, a large digital marketing agency based in Beijing - has infected 20 per cent of corporate networks, or 250 million computers, by hijacking users' web browsers.
"Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home pages into fake search engines. This redirects the queries to either yahoo.com or Google.com," Check Point said at the time.
"The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks."
Microsoft, which has been monitoring the so-called Fireball threat since 2015, this week fired back and said that "while the threat is real, the reported magnitude of its reach might have been overblown".
In its research, Microsoft says that Check Point arrived at the 250 million figure by tracking the number of visits to the fake pages, rather than by looking at how many devices were infected by Fireball. Microsoft estimates that around five million PCs have been hit by the Chinese malware.
"Not every machine that visits one of these sites is infected with malware," Microsoft said. "The search pages earn revenue regardless of how a user arrives at the page. Some may be loaded by users who are not infected during normal web browsing, for example, via advertisements or domain parking."
Microsoft has asked to get a closer look at Check Point's data and the security firm is cooperating.
"We tried to reassess the number of infections, and from recent data we know for sure that numbers are at least 40 million, but could be much more," Maya Horowitz, Check Point's threat intelligence group manager, said in a statement given to CNET.