- Copies itself to the System folder as F1REF0X.EXE.
- Adds the following value:
Mozilla Firefox = "F1REF0X.EXE" to the following registry subkeys:
Backdoor and/or Trojan Behavior
- Opens a backdoor on TCP port 113.
- Connects to an IRC server to await instructions and commands from a malicious user. These commands can cause the infected machine to perform any of the following actions:
  - Perform basic IRC commands
  - Download and execute files
  - Update or remove itself
  - Scan for vulnerable computers
  - Send confidential information, such as user names, passwords, etc., to the remote user
  - List and terminate services and processes
  - Initiate distributed denial of service (DDoS) attacks
- Logs keystrokes
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.