virus logo Virus

JS/Kryptik.AOW!tr

description-logoAnalysis

  • This detection is for an encrypted Javascript that is mostly intended to redirect to sites that may have malicious content.

  • Listed below are some of the URLs that it connects to:
    • http://ka{Removed}.lu/counter.php
    • http://dairysol{Removed}.com/counter.php
    • http://www.carav{Removed}.it/images/esd.php

  • One instance of this malicious Javascript displays the following message that claims to scan the system for malicious files: "Windows 7 Security Center has found suspicious activity on last website and will perform quick scan of system files."

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2021-10-05 89.05661
2021-07-29 87.00979
2021-07-01 87.00318
2019-10-08 72.18000 Sig Updated
2019-07-09 69.84600 Sig Updated
ID 5651260
Released Oct 07, 2013
Description
Updated		 Jan 27, 2014
Aliases Trojan-Downloader.JS.Iframe.deu, JS/Exploit-Blacole.ht trojan, Troj/Iframe-JH, JS/Kryptik.AOG trojan, JS/Redir, JS_BLACOLE.AAE, JS:Exploit.BlackHole.KU
Platform Profile Java Script