HTML/FakeAlert.MD!tr

description-logoAnalysis



HTML/FakeAlert.MD!tr is a generic detection for an HTML phishing page. Since this is a generic detection, this malware may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • The official looking website contains hyperlinks that looks like it points to the legitimate Microsoft support websites. However, underneath it points to malicious websites altogether. The remote sites are listed below:
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/bootstrap.css
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/jquery-1.js
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/translator.css
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/alert.css
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/style.css
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/iframe.js
    • hxxp://{Removed}microsoftsupport.com/WYoQh/chrome-assests/retreaver.js
    • hxxp://{Removed}microsoftsupport.com/chrome-assests/retreaver.js
    • hxxp://{Removed}microsoftsupport.com/UjjaZ/chrome-assests/alert.css
    • hxxp://{Removed}microsoftsupport.com

  • This site also presents an alert message claiming that the user's computer is infected with malware. Next, it asks the user to call a specific phone number to prevent further damage to user?s system.

  • Below are some examples of web pages that are detected as HTML/FakeAlert.MD!tr:

    • Figure 1: Prompt message.


    • Figure 2: Fake Microsoft support website.


    • Figure 3: Prompt message.


    • Figure 4: Prompt message.


    • Figure 5: Prompt message.


recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
Extreme
FortiAPS
FortiAPU
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2020-08-25 79.88800 Sig Updated
2020-05-27 77.72700 Sig Added
2019-11-22 73.26100 Sig Updated
2019-05-03 68.25100 Sig Added
2019-05-03 68.24700 Sig Updated
2019-03-26 67.33800 Sig Updated