JS/Kryptik.AOW!tr
Analysis
- This detection is for an encrypted Javascript that is mostly intended to redirect to sites that may have malicious content.
- Listed below are some of the URLs that it connects to:
- http://ka{Removed}.lu/counter.php
- http://dairysol{Removed}.com/counter.php
- http://www.carav{Removed}.it/images/esd.php
- One instance of this malicious Javascript displays the following message that claims to scan the system for malicious files: "Windows 7 Security Center has found suspicious activity on last website and will perform quick scan of system files."
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |