VirusW32/Funlove.4099
Analysis
- Virus is 32bit, with a size of 4099 bytes
- Virus appends its code to the tail of PE files
- this code is written as a small executable file
named FLCSS.EXE on new host systems
- Virus seeks available machines across a LAN or
WAN and attempts to infect them, then writes the file
FLCSS.EXE to the Windows\System folder of available
machines
- Systems which are disinfected may become re-infected
from a network user which is infected
- Virus contains this string in the virus code -
~Fun Loving Criminal~
Recommended Action
Check the web interface for your Fortigate unit to ensure the latest AV/NIDS definitions have been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |