Riskware/FireBall

Analysis


Riskware/Fireball is a generic detection for a riskware application. Since this is a generic detection, files that are detected as Riskware/Fireball may have varying behavior.
This riskware is known for installing Browser Helper Objects (BHOs) and hijacking browser settings by changing default start-up pages for Google Chrome, Microsoft Internet Explorer, and other browsers to other search engines such as Nuesearch. It is often bundled with other software.
Uninstalling this riskware may be difficult because it often lacks an uninstaller component and is sometimes installed onto machines using Windows services so that it begins execution automatically on startup.
Although it is primarily a browser hijacker, there is recent concern that it could be further misused for malicious activity, since it is very widespread and is still bundled with legitimate software.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-01-01 92.00251
2023-11-16 91.08860
2023-09-12 91.06894
2023-07-25 91.05427
2023-07-04 91.04797
2023-05-15 91.03282
2023-05-15 91.03277
2023-05-09 91.03106
2023-05-02 91.02896
2023-03-28 91.01840