Riskware/FireBall
Analysis
Riskware/Fireball is a generic detection for a riskware application. Since this is a generic detection, files that are detected as Riskware/Fireball may have varying behavior.
This riskware is known for installing Browser Helper Objects (BHOs) and hijacking browser settings by changing default start-up pages for Google Chrome, Microsoft Internet Explorer, and other browsers to other search engines such as Nuesearch. It is often bundled with other software.
Uninstalling this riskware may be difficult because it often lacks an uninstaller component and is sometimes installed on machines using Windows services so that it begins execution automatically on startup.
Although it is primarily a browser hijacker, there has been recent concern that it could be further misused for malicious activity, since it is very widespread and is still bundled with legitimate software.
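The three behaviours described above (BHO registration, a changed start page, and service-based auto-start) can be reviewed on a Windows host with the following read-only script. It is an added example, not Fortinet code; the registry paths are standard Windows locations, the function names are hypothetical, and the service filter is a heuristic assumption. It covers only the Internet Explorer start page, not other browsers' profile settings.

```powershell
# Added audit example, not vendor code. Read-only: it lists values and changes nothing.
# The registry paths are standard Windows locations, not indicators taken from this page.

function Get-BhoEntry {
    # BHOs are CLSID subkeys of this Explorer key; check the 64-bit and 32-bit views.
    # Machine-wide class registrations only; per-user ones (HKCU) are not resolved.
    $views = @(
        @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
            # Resolve the CLSID to the DLL the browser loads in-process.
            $inproc = Join-Path $v.Cls "$($key.PSChildName)\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            }
            [pscustomobject]@{ Check = 'BHO'; Name = $key.PSChildName; Value = $dll }
        }
    }
}

function Get-IeStartPage {
    # Per-user Internet Explorer start page for the account running the script.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (Test-Path -LiteralPath $main) {
        $page = (Get-ItemProperty -LiteralPath $main).'Start Page'
        [pscustomobject]@{ Check = 'IE start page'; Name = $main; Value = $page }
    }
}

function Get-AutoServiceOutsideWindows {
    # Heuristic (assumption): auto-start services whose binary is not under %SystemRoot%.
    $sysRoot = [regex]::Escape($env:SystemRoot)
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" |
        Where-Object { $_.PathName -and $_.PathName -notmatch "^`"?$sysRoot\\" } |
        ForEach-Object { [pscustomobject]@{ Check = 'Service'; Name = $_.Name; Value = $_.PathName } }
}

@(Get-BhoEntry) + @(Get-IeStartPage) + @(Get-AutoServiceOutsideWindows) |
    Sort-Object Check, Name | Format-Table -AutoSize -Wrap
```

Every row is a candidate for review rather than a verdict: legitimate software also registers BHOs and auto-start services, so compare the output against a known-good baseline for the host.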
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |