Incident: Massive Fireball Malware Epidemic Infects 250 Million PCs

Published Date: 2017-06-02

Postmortem Analysis
Timeline 1. Check Point disclosed the Fireball campaign in June 2017; the article reporting it is dated 2017-06-02 [60314]. 2. The article does not say when the infections began, only that an estimated 250 million machines were already affected at the time of disclosure [60314].
System 1. PCs, and the web browsers on them, running free software bundled with Rafotech's adware code, such as Soso Desktop and FVP Imageviewer [60314].
Responsible Organization 1. Rafotech, a Beijing-based digital marketing firm, which Check Point identified as the operator of Fireball by analysing the domains of the command and control servers the malware reports to [60314].
Impacted Organization 1. Users of infected PCs worldwide were impacted by the Fireball malware incident [60314]. 2. Corporate networks globally, with an estimated one in five networks having at least one infection, were also affected by the malware [60314]. 3. Countries like India and Brazil were significantly impacted, with close to 25 million infected machines each [60314].
Software Causes 1. The adware named Fireball, which once installed hijacks the browser to change the default search engine, tracks the victim's web traffic, and can remotely run any code or download further malicious files on the victim's machine [60314].
Non-software Causes 1. Distribution by bundling: the adware reached machines inside free software that users chose to install, in many cases without realising what was attached [60314]. 2. A commercial actor, Rafotech, deciding to use such code as a marketing tool; the researchers could not rule out phishing or exploit kits as additional delivery routes [60314].
Impacts 1. An estimated 250 million PCs infected with Fireball, which hijacks browsers, changes the default search engine, tracks web traffic, and can remotely run any code on the victim's machine [60314]. 2. A backdoor on every infected computer, giving the operators the ability to run arbitrary code or download new malicious files at will [60314]. 3. By Check Point's estimate, one in five corporate networks worldwide had at least one infection; India and Brazil each had close to 25 million infected machines [60314]. 4. Beyond pop-up ads, the capability to turn the infected base into a botnet and to harvest credentials and private data en masse; the article reports this as a potential rather than an observed outcome [60314].
Preventions 1. Keep endpoint protection (antivirus with adware detection) and perimeter controls current so that known bundled adware and its command and control domains are detected and blocked [60314]. 2. Train users not to install free software from untrusted sources and to decline bundled extras offered during installation [60314]. 3. Vet software, including freeware installers, before it is approved for installation so that bundled adware is found and removed [60314]; in a managed environment, restrict who may install software and alert on changes to browser default search settings, since that change is the first visible symptom of this adware.
Fixes 1. Run an antivirus or anti-adware scanner that removes Fireball from infected computers [60314]. 2. After removal, restore the browser settings the adware changed (default search engine, homepage, startup pages) and check for browser extensions the user does not recognise; a cleaned host whose browser still points at the hijacker's search domain remains under the operator's tracking.
References 1. Check Point security firm [60314]
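As a worked illustration of the fix and prevention steps above, the following script audits a Chromium Preferences file for the settings Fireball changes (default search provider, homepage, startup pages). It is an added example for this page, not code from Check Point, Rafotech or the article. The Preferences JSON layout it reads, the allowlist of search hosts, and the watchlist domains (placeholders under the reserved .test TLD) are assumptions; real indicators must come from Check Point's published report.

```python
"""Audit a Chromium 'Preferences' file for browser-hijack indicators.

Added illustration for this page; it is not code from Check Point, Rafotech
or the article. Assumptions not taken from the page: the Preferences JSON
layout (default_search_provider_data.template_url_data, session.startup_urls,
homepage) as used by current Chromium builds, the allowlist of search hosts,
and the watchlist domains, which are placeholders under the reserved .test TLD.
"""
import json
import sys
from urllib.parse import urlparse

# Search engines the organisation expects as a browser default (assumption).
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
                        "duckduckgo.com"}

# Placeholder hijacker / C2 domains, matched on the host and its parent domains.
HIJACK_DOMAINS = {"search-example-hijack.test", "c2-example.test"}


def host_of(url: str) -> str:
    """Lowercase hostname of a URL, or '' when there is none or it is unparsable.

    Chromium's built-in engines use templates such as '{google:baseURL}search?q=...'
    which carry no hostname; they deliberately yield '' and are never flagged.
    """
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_suspicious_host(host: str) -> bool:
    """True if the host or any of its parent domains is on the watchlist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in HIJACK_DOMAINS for i in range(len(labels)))


def audit_preferences(prefs: dict) -> list:
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []

    # 1. Default search provider: the setting the article says Fireball changes.
    tud = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_host = host_of(tud.get("url", ""))
    if search_host and search_host not in ALLOWED_SEARCH_HOSTS:
        tag = "watchlisted" if is_suspicious_host(search_host) else "unexpected"
        findings.append(f"default search provider is {tag} host {search_host} "
                        f"(short_name={tud.get('short_name', '?')!r})")

    # 2. Homepage and startup pages. Arbitrary homepages are legitimate, so
    #    only watchlist hits are reported here.
    candidates = [("homepage", prefs.get("homepage", ""))]
    for url in prefs.get("session", {}).get("startup_urls", []):
        candidates.append(("startup_url", url))
    for label, url in candidates:
        h = host_of(url)
        if h and is_suspicious_host(h):
            findings.append(f"{label} points at watchlisted host {h}")
    return findings


def audit_file(path: str) -> list:
    """Load a Preferences file from disk and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample profiles (not real data): one clean, one hijacked.
CLEAN_PREFS = {
    "homepage": "https://intranet.example.test/",
    "session": {"restore_on_startup": 1, "startup_urls": []},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "google.com", "short_name": "Google",
        "url": "{google:baseURL}search?q={searchTerms}&{google:RLZ}"}},
}
HIJACKED_PREFS = {
    "homepage": "http://search-example-hijack.test/?src=hp",
    "session": {"restore_on_startup": 4,
                "startup_urls": ["http://search-example-hijack.test/?src=startup"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "search-example-hijack.test", "short_name": "Search",
        "url": "http://search-example-hijack.test/?q={searchTerms}&uid=12345"}},
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        for p in paths:
            for finding in audit_file(p) or ["no hijack indicators"]:
                print(f"{p}: {finding}")
    else:
        for name, prefs in (("clean", CLEAN_PREFS), ("hijacked", HIJACKED_PREFS)):
            print(name, audit_preferences(prefs) or ["no hijack indicators"])
```

Run it with no arguments to audit the two constructed sample profiles, or pass one or more Preferences paths (for Chrome on Windows the file is typically under the profile's User Data\Default directory). Only the default search provider is compared against the allowlist; homepage and startup URLs are reported solely on watchlist hits, because users legitimately set those to anything.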

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The incident is attributed to a single organization: Check Point traced the Fireball infections to the Beijing-based digital marketing firm Rafotech by analysing the domains of the command and control servers the malware links back to [60314]. (b) The article does not report a comparable incident at other organizations or with other products, so whether a similar incident has occurred elsewhere is unknown from this source.
Phase (Design/Operation) design, operation (a) Design: the article describes Fireball as software deliberately designed to infect computers, hijack browsers to change the default search engine, track web traffic, and run any code on the victim's machine remotely. That capability is not a flaw in the malware but its intended design; the design-level failure is that a marketing tool was built with a backdoor able to do far more serious damage than displaying pop-ups [60314]. (b) Operation: in operation the adware was bundled with free software and so reached as many as 250 million PCs and an estimated one in five corporate networks globally; the researchers could not rule out phishing or exploit kits as further delivery channels [60314].
Boundary (Internal/External) within_system, outside_system (a) within_system: once installed, the contributing factors act inside the victim's system. Fireball infects the computer, hijacks the browser, changes the default search engine, tracks web traffic, and can remotely run any code or download new malicious files; it arrived inside free software bundled with Rafotech's code, so the host itself carried the malicious component [60314]. (b) outside_system: the code was designed and distributed by an external party, the Beijing-based digital marketing firm Rafotech, and the infected machines link back to command and control servers under Rafotech's control, so each host's behaviour is steered from outside it [60314].
Nature (Human/Non-human) non-human_actions, human_actions (a) non-human actions: the incident is the spread of adware called Fireball, which infects computers to display pop-ups and track web traffic on behalf of a digital marketing firm, and which can remotely run any code on the victim's machine or download new malicious files, potentially turning infected machines into a botnet or harvesting private data [60314]. (b) human actions: the adware reached some portion of hundreds of millions of computers through free software that Rafotech "bundled" with it, with users choosing to install that freeware; the researchers name Soso Desktop and FVP Imageviewer as packages that carried the adware in some cases. The campaign's creators, believed to be based in China, built and distributed it deliberately [60314].
Dimension (Hardware/Software) software (a) The software failure incident related to hardware: The article does not mention any specific hardware-related failures contributing to the Fireball malware incident. It primarily focuses on the malware's impact, distribution, and potential risks associated with the infected software. (b) The software failure incident related to software: The Fireball malware incident is a clear example of a software failure originating in software. The malware infects computers through free software bundles and is designed to hijack browsers, change search engines, track web traffic, and potentially run malicious code remotely on victims' machines. This software failure incident highlights the dangers of malware disguised as adware and the potential for serious consequences beyond just displaying pop-up ads [60314].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident described in the article is malicious in nature. The adware named Fireball was designed to infect computers with malicious code that could hijack browsers, change default search engines, track web traffic, remotely run code on victims' machines, and download new malicious files. The malware was created with the potential to turn infected machines into a botnet, harvest credentials, and gather private data en masse [60314].
Intent (Poor/Accidental Decisions) poor_decisions (a) Within this taxonomy, which separates deliberate poor decisions from accidents, the incident follows from deliberate decisions: Rafotech chose to bundle code that hijacks browsers, changes default search engines, tracks web traffic, and can run any code or download new files on the victim's machine, disguising it as adware while keeping the capability to do far more serious damage, and users chose to install the freeware that carried it. On the operators' side the intent was malicious: the backdoor left on infected computers could be exploited at will [60314].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The article gives no sign of incompetence on the part of the malware's developers; Fireball is sophisticated code that hijacks browsers, changes default search engines, tracks web traffic, can run any code on the victim's machine, and reached a very large number of computers globally, all of which points to professional competence. If development incompetence applies, it is on the side of the freeware that shipped with the adware attached and of the organizations that allowed such installers onto their networks without inspection [60314]. (b) The accidental aspect is on the victims' side: hundreds of millions of computers received the code because users installed free software that was "bundled" with it, not because they chose to install adware. The researchers were also unsure whether phishing or exploit kits were used alongside bundling, so some installations may have arrived by routes the victims never saw [60314].
Duration temporary The failure is better described as temporary than permanent. Fireball infected around 250 million PCs globally and, on each, hijacks the browser, changes the default search engine, tracks web traffic, and can run any code on the victim's machine [60314]. The condition depends on the adware remaining installed: it is brought on by specific circumstances, such as installing free software bundled with the adware, and ends once the adware is removed and the browser settings are restored, rather than being a permanent property of the affected systems.
Behaviour value, other (a) crash: the incident does not involve a crash in which the system loses state and stops performing its intended functions [60314]. (b) omission: the system does not omit to perform its intended functions at an instance or instances [60314]. (c) timing: the system does not perform its intended functions too late or too early [60314]. (d) value: the system does perform its intended functions incorrectly; the browser still answers searches and loads pages, but the default search engine has been replaced, traffic is routed through the hijacker's search engine and tracked, and the host can be made to run code chosen by the operators [60314]. (e) byzantine: the system does not behave erroneously with inconsistent responses and interactions [60314]. (f) other: the behaviour also falls outside options (a) to (e), since an adware infection that can lead to consequences beyond pop-ups, potentially turning infected machines into a botnet or harvesting private data, is not captured by any of them [60314].
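Check Point's attribution above rests on the command and control domains the malware contacts, and the value failure shows up in traffic as searches routed through a fake search host. The following script, an added example for this page and not code from Check Point or the article, applies both observations to a constructed proxy log: it flags clients that contact watchlisted domains and clients that send search-style queries to a host that is not a known search engine. The log line format, the allowlist of search hosts, and the placeholder .test domains are assumptions; real indicators must come from Check Point's published report.

```python
"""Flag proxy-log clients showing Fireball-style browser-hijack and C2 traffic.

Added illustration for this page; it is not code from Check Point or the article.
Assumptions not taken from the page: the log format (a constructed
'timestamp client method url status' line per request), the allowlist of
legitimate search hosts, and the watchlist domains, which are placeholders
under the reserved .test TLD.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
                        "duckduckgo.com"}
HIJACK_DOMAINS = {"search-example-hijack.test", "c2-example.test"}
# Query-string keys that carry a search term on common engines.
SEARCH_PARAMS = {"q", "p", "query", "search"}

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) ([A-Z]+) (\S+) (\d{3})$")

# Constructed sample log (not real traffic). Client 10.0.1.23 shows the pattern
# the article describes: a search query sent to a fake search host, a redirect
# to a real engine, then a check-in to a command and control host.
SAMPLE_LOG = """\
2017-06-01T10:15:03Z 10.0.1.23 GET http://search-example-hijack.test/?q=payroll+login&uid=12345 302
2017-06-01T10:15:04Z 10.0.1.23 GET https://search.yahoo.com/search?p=payroll+login 200
2017-06-01T10:20:11Z 10.0.1.23 GET http://c2-example.test/api/cfg?id=12345 200
2017-06-01T10:21:40Z 10.0.1.77 GET https://www.google.com/search?q=quarterly+report 200
2017-06-01T10:22:02Z 10.0.1.77 GET https://intranet.example.test/wiki 200
2017-06-01T11:02:15Z 10.0.2.5 GET http://cdn.c2-example.test/update.bin 200
this line is malformed and is skipped
"""


def is_suspicious_host(host):
    """True if the host or any of its parent domains is on the watchlist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in HIJACK_DOMAINS for i in range(len(labels)))


def parse_line(line):
    """Return (client, host, query_keys) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, url = m.group(2), m.group(4)
    try:
        parsed = urlparse(url)
    except ValueError:
        return None
    host = (parsed.hostname or "").lower()
    return client, host, set(parse_qs(parsed.query).keys())


def classify(host, query_keys):
    """Reasons a single request is suspicious (empty set when it is not)."""
    reasons = set()
    if host and is_suspicious_host(host):
        reasons.add(f"watchlist:{host}")
    # A search-style query sent to a host that is not a known engine is the
    # network-visible side of a changed default search provider.
    if host and query_keys & SEARCH_PARAMS and host not in ALLOWED_SEARCH_HOSTS:
        reasons.add(f"search-query:{host}")
    return reasons


def scan_log(lines):
    """Map each client IP to the set of reasons it was flagged; clean clients are absent."""
    flagged = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, host, keys = rec
        reasons = classify(host, keys)
        if reasons:
            flagged[client] |= reasons
    return dict(flagged)


if __name__ == "__main__":
    for client, reasons in sorted(scan_log(SAMPLE_LOG.splitlines()).items()):
        print(client, ", ".join(sorted(reasons)))
```

Internal search portals will show up as search-query hits until they are added to ALLOWED_SEARCH_HOSTS; the watchlist hits are the higher-confidence signal, and the per-client grouping is what lets a responder count affected hosts per network, the way the article's one-in-five figure was derived.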

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (d) property: people's data and money were put at risk. Fireball infected around 250 million PCs worldwide, hijacking browsers, changing default search engines, tracking web traffic, and leaving a backdoor on every infected computer that the creators could exploit; the creators monetize infected machines when they visit specific websites, and the tracking of web traffic is itself a loss of the victims' data [60314]. non-human: the infected computers and the corporate networks they sit in were compromised, with an estimated one in five corporate networks globally carrying at least one infection [60314]. theoretical_consequence: the article presents the worst outcomes, turning the infected base into a botnet and harvesting credentials and private data en masse, as capabilities the operators held rather than as observed events [60314].
Domain information, finance (a) The incident falls in the information industry: Fireball infected millions of PCs worldwide, hijacking browsers, changing default search engines, and tracking web traffic on behalf of a digital marketing firm, with the potential for its administrators to turn infected machines into a botnet or harvest private data [60314]. (h) The finance industry is affected indirectly: the malware could harvest credentials and private data en masse, which threatens financial accounts and transactions conducted from infected machines, although the article does not report that it was used for this [60314]. (m) Because the malware can remotely run code and download malicious files on any infected machine, it also threatens any other sector that depends on those computers [60314].
