VirusHTML/Phish!tr
Analysis
HTML/Phish!tr is a detection for HTML codes that redirect the web browser to a phishing web site.
This detection is not limited to in wild spear/attack/spam phishing campaign some samples may include as part of third party pen testers using spam campaign as one of their internal tools.
- Below are some of the sample illustration on how these Phishing scheme may look like:
- Figure 1: Scam Phishing hosted over google docs.
- Figure 2: WhatsApp phishing embedded on some Phishing Mails.
- Figure 3: Sample Phishing.
- Figure 4: Sample Phishing.
- Figure 5: Phishing.
- Figure 6: American Express Phishing.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-12-08 | 91.09541 | |
| 2023-11-06 | 91.08574 | |
| 2020-04-14 | 76.70200 | Sig Updated |
| 2019-10-17 | 72.40100 | Sig Updated |
| 2019-10-15 | 72.34800 | Sig Updated |
| 2019-08-26 | 71.15400 | Sig Updated |
| 2019-08-24 | 71.08900 | Sig Updated |
| 2019-08-23 | 71.08300 | Sig Updated |
| 2019-08-20 | 71.02600 | Sig Updated |
| 2019-08-19 | 70.83200 | Sig Updated |