How do I detect emails that are possible carriers of the Fireball adware?

In recent days, all cyber security analysts have been warning us about the newest threat to security, an adware that has been named Fireball. This adware is a browser hijacker--it has the capability to take control of your browsers, track your web usage, and wreak havoc in many other ways. It makes use of tracking pixels to get victims' personal information.

How does it get into my system?

Fireball is bundled with other legitimate software the victim has already agreed to download. It appears as a link to a PowerPoint file in emails. The link is usually to a file named "order.ppsx", "invoice.ppsx", or “order&prsn.ppsx”. Simply hovering your mouse over the link can download the adware into your computers. The emails seem to have the subject line "RE:Purchase orders #69812" or "Fwd:Confirmation", sometimes with an attached zipped file containing the adware.

How do I protect myself?

In a previous Tips & Tricks post, we discussed the content reports of Exchange Reporter Plus. These reports will help you locate emails in your organization that contain the adware links in the content or have the malicious attachments.

Create a custom report by following these steps:

• Click the Reports tab.
• Click the Create New Report link.
• Enter the keywords with which the emails need to be located.
• Click Create.

Exchange Reporter Plus fetches the required data and displays it in the newly created report. This way, you can identify emails that are possible carriers of Fireball and warn the employees of your organization.