W32/Swizzor.G!tr
Analysis
Trojan attempts to download binary files from a hard-coded URL. The Trojan may have been distributed as an email attachment, and sent using an anonymous remailer program by a malicious user. If the Trojan is run, it will attempt to determine the IP address of the web address 'u19484.bins.lop.com' and retrieve an executable file. If the file is retrieved it is then run.
At the time of this writing, the file had been removed from the server.
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |