W32/Funlove.4099
Analysis
- Virus is 32bit, with a size of 4099 bytes
- Virus appends its code to the tail of PE files
- this code is written as a small executable file
named FLCSS.EXE on new host systems
- Virus seeks available machines across a LAN or
WAN and attempts to infect them, then writes the file
FLCSS.EXE to the Windows\System folder of available
machines
- Systems which are disinfected may become re-infected
from a network user which is infected
- Virus contains this string in the virus code -
~Fun Loving Criminal~
Recommended Action
Check the web interface for your Fortigate unit to ensure the latest AV/NIDS definitions have been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |