JS/Iframe.W!tr
Malicious JavaScript Iframe redirect. Used to obscure the malicious URL.
7.43%
Virus Prevalence: Of Fortinet devices world-wide, 7.43% reported new detections of this virus last month
Characteristics
- Aliases
- JS/Blacole-Redirect.i
- Category
- Malware
- Platform
- win32
Detection Availability
- Date Discovered
- 18/11/2011
- Date Added
- 18/11/2011
- Database Version
- 15.917
- Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
Technical Details
- Possible Symptoms
- Possible request for the user to allow popup windows in Microsoft Internet Explorer.
- Detailed Analysis
- JavaScript code intended to redirect the browser to malicious websites through the use of the IFrame HTML tag.
This malware commonly contains an encrypted portion. After decryption, the last instruction is a call to the eval() function.
- Removal Instructions
JS/Redirector.XA!tr
7.37%
Virus Prevalence: Of Fortinet devices world-wide, 7.37% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Jan 07, 2013
- Last Updated: Jan 07, 2013
Detailed Analysis
JS/Redirector.XA!tr is classified as a Trojan.
A Trojan has the capability to handle remote access connections, perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks, capture keyboard input, delete files or objects, or terminate processes.
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Java/CVE_2013_1493.NT!exploit
6.24%
Virus Prevalence: Of Fortinet devices world-wide, 6.24% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Mar 11, 2013
- Last Updated: Mar 11, 2013
Detailed Analysis
Java/CVE_2013_1493.NT!exploit is classified as malware using a known exploit.
An exploit is employed by malware to gain access to a system through a known vulnerability, most commonly a computer security hole.
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
W32/Injector.ZVR!tr
5.29%
Virus Prevalence: Of Fortinet devices world-wide, 5.29% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Dec 13, 2012
- Last Updated: Dec 13, 2012
Detailed Analysis
W32/Injector.ZVR!tr is classified as a Trojan.
A Trojan has the capability to handle remote access connections, perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks, capture keyboard input, delete files or objects, or terminate processes.
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Riskware/MyWebSearch
Generic signature detection of riskware search toolbar MyWebSearch
4.46%
Virus Prevalence: Of Fortinet devices world-wide, 4.46% reported new detections of this virus last month
Characteristics
- Aliases
- Category
- Riskware
- Platform
- Win32
Detection Availability
- Date Discovered
- 18/08/2011
- Date Added
- 18/08/2011
- Database Version
- 17.049
- Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
Technical Details
- Possible Symptoms
- Presence of MyWebSearch toolbar.
- Detailed Analysis
- MyWebSearch toolbar is classified as riskware; it is often used in conjunction with malware.
- Removal Instructions
- Manual removal of Java/MBean.gen!exploit.CVE20130422 is not recommended. Fortinet recommends running a full scan of your system using FortiClient Endpoint Protection to remove this threat.
W32/AdInstaller
3.79%
Virus Prevalence: Of Fortinet devices world-wide, 3.79% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Oct 18, 2011
- Last Updated: Oct 18, 2011
Detailed Analysis
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
JS/Iframe.JG!tr
3.43%
Virus Prevalence: Of Fortinet devices world-wide, 3.43% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Mar 12, 2013
- Last Updated: Mar 12, 2013
Detailed Analysis
JS/Iframe.JG!tr is classified as a Trojan.
A Trojan has the capability to handle remote access connections, perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks, capture keyboard input, delete files or objects, or terminate processes.
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Java/MBean.gen!exploit.CVE20130422
Generic signature to detect Java applets that exploit the Oracle Java 7 Security Manager Bypass Vulnerability, allowing remote attackers to execute arbitrary code.
2.23%
Virus Prevalence: Of Fortinet devices world-wide, 2.23% reported new detections of this virus last month
Characteristics
- Aliases
- Java/Exploit.CVE-2013-0422.K trojan (NOD32)
- Category
- Malware
- Platform
- Win32
Detection Availability
- Date Discovered
- 18/01/2013
- Date Added
- 18/01/2013
- Database Version
- 17.048
- Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
Technical Details
- Possible Symptoms
- Possible executable with randomized name in subfolder under the user's Temporary folder.
- Detailed Analysis
- Java/MBean.gen!exploit.CVE20130422 is a generic detection for Java applets that exploit the Oracle Java 7 Security Manager Bypass Vulnerability, allowing remote attackers to execute arbitrary code.
This vulnerability can be exploited by:
  - Using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary class references using the findClass method; or
  - Using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API.
More details on this vulnerability can be found at http://www.fortiguard.com/advisory/FGA-2013-03.html.
A successful exploit enables the malware to exhibit the following behavior:
  - Download a malicious executable and save it as %TEMP%\[Random]\[Random].exe.
  - Execute the downloaded executable.
- Removal Instructions
- Manual removal of Java/MBean.gen!exploit.CVE20130422 is not recommended. Fortinet recommends running a full scan of your system using FortiClient Endpoint Protection to remove this threat.
Android/NewyearL.B
1.98%
Virus Prevalence: Of Fortinet devices world-wide, 1.98% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Jan 30, 2012
- Last Updated: Jan 30, 2012
Detailed Analysis
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
W32/Kryptik.KZA!tr
1.81%
Virus Prevalence: Of Fortinet devices world-wide, 1.81% reported new detections of this virus last month
Detection Availability
| Product | Active Database | Extended Database |
|---|---|---|
| FortiGate | High Low | |
| FortiClient | | |
| FortiMail | - | |
- Released: Mar 01, 2013
- Last Updated: Mar 01, 2013
Detailed Analysis
W32/Kryptik.KZA!tr is classified as a Trojan.
A Trojan has the capability to handle remote access connections, perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks, capture keyboard input, delete files or objects, or terminate processes.
The Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
Removal Instructions
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.