Intrusion PreventionGh0st.Rat.Botnet
Description
This indicates that a system might be infected by the Gh0st Rat Botnet.
Gh0st Rat is a Windows malware that can remotely control a computer to log key strokes, take screenshots, execute arbitrary commands, download and install additional malware.
Please note: this signature sometimes gets triggered by botnet scanning traffics from Shodan scanners. Please check the source IP to verify if it's an actual infection on the network.
All botnet signatures from FortiOS 5.6 onwards are under IPS, and have their default action set to "Block".
Affected Products
Any unprotected Windows system is vulnerable.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Use Anti-Virus software to scan and clean the system.
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 38503 |
| Created | May 13, 2014 |
| Updated | Mar 02, 2026 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Malware |