W32/Saye!tr
Analysis
- Trojan is 32bit with a compressed file size of 7,541
bytes
- Trojan is a hacking tool used to exploit systems
which are not patched with the RPC DCOM patches from
Microsoft
- The Trojan is a command line program which could
be used to compromise a system by exploiting a RPC
buffer overflow exploit against a target system
- If the hacking tool is successful at exploiting the target, the target system could have a newly created user account named "e" with a password of "asd#321"
Recommended Action
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
- Ensure all systems are updated with the latest Microsoft patches against RPC DCOM exploits