Computers in Australia and New Zealand are among the 250 million units around the world hit by a browser hijacker that has the potential to turn into something much worse.

The security firm Check Point identified the Beijing-based RAFO Technology (Rafotech) as the source of "Fireball", adware that has the capability of doing serious damage to its victims.  It's designed to hijack infected browsers to change the default search engine, and send details of web traffic back to China.  That seems annoying but trivial.

Annoying!

But it also has the ability to download new malicious files and remotely run any code on the victim's machine. 

"It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign," Maya Horowitz, the head of the Check Point research team, told Wired Magazine.

Check Point believes the malware was "bundled" in free downloads of Rafotech products such as Deal Wifi and Mustang Browser, and even with products from other companies. Phishing scams might also have been employed to distribute Fireball. The plan might be to make money by taking a fee when infected machines visit the website of one of its clients that the bogus search results turn up. But creating a massive bot network of hijacked machines is also a possibility.

"Something behind this is fishy, and the intentions of the developers aren’t only to monetize on advertisements," says Ms. Horowitz.  "We don’t know their plan, and if there really is one.  But it looks like they want to have the opportunity to take it to the next level.  And they can."