Fireball (software)

Some of the programs with which Rafotech bundled the Fireball software are Deal WiFi, Mustang Browser, SoSoDesk and FVP Image Viewer.[7]

Rafotech claims to have 300 million users (similar to the estimated number of infections) worldwide but denies that it uses these fake search engines.[7]

The malware can run any code on victim computers, such as downloading an arbitrary file, and can hijack and manipulate infected users' web traffic in order to generate advertisement revenue.

Check Point asserts, “The malware and the fake search engines don’t carry indicators connecting them to Rafotech, they cannot be uninstalled by an ordinary user and they conceal their true nature.” Furthermore, Fireball “displays great sophistication and quality evasion techniques, including anti-detection capabilities, multilayer structure and a flexible C&C.”[8] Another deception is the use of legitimate-seeming digital certificates.[8]

The program has the capability to run arbitrary code, download applications and harvest more sensitive information, such as banking and medical details.

Check Point researchers also claim that this malware might have infected computers on 20% of corporate networks, making it a high-volume Internet threat.