virus logo Intrusion Prevention

FinFisher.Botnet

description-logoDescription

This indicates that a system might be infected by FinFisher Botnet.
FinFisher, also known as FINSPY is a surveillance malware that targets Windows platform. The malware often infects computers through malicious Word documents, exploiting vulnerabilities such as CVE-2017-0199 and CVE-2017-8759. All botnet signatures from FortiOS 5.6 onwards are under IPS, and have their default action set to "Block".

affected-products-logoAffected Products

Any unprotected Windows system is vulnerable.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

If required, the signature's action can be set to "Block".
Please use Anti-Virus software to scan and clean the infected computer.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2023-12-12 26.693
Modified
 Sig Added

References

https://en.wikipedia.org/wiki/FinFisher https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/
ID 35903
Created Jun 14, 2013
Updated Dec 02, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type Malware