W32/Zbot.OA!tr
Analysis
W32/Zbot.OA!tr is a generic detection for a type of trojan that attempts to connect to remote servers. Since this is a generic detection, malware that are detected as W32/Zbot.OA!tr may have varying behavior.
Below are examples of some of these behavior:
- Some variants of this malware spawn a hidden Internet Explorer process which attempts to connect to remote sites, such as the following:
- net-for{Removed}.com
- netwo{Removed}.hopto.org
- choo{Removed}.net
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |