Description

Fareit is typically installed alongside other malware or bots and is designed to steal user credentials from many different Internet browsers for use by cybercriminals. Some variants also search for credentials used in common FTP (File Transfer Protocol) clients.

Symptoms

Some possible symptoms include, but are not limited to:

  • Connection attempts to known Command & Control (C&C) servers or IP addresses
  • Increased outbound network traffic, which may indicate participation in a DDoS attack
  • Additional information added to Windows registry entries

Analysis

Fareit is used primarily for two purposes: to steal user information and to participate in Distributed Denial of Service attacks.

It also searches an infected computer for information stored by popular FTP programs, such as server names and port numbers, as well as usernames and passwords.

It also creates or modifies Windows registry entries to ensure that it executes on every start or reboot.

Instructions

Manual removal of this malware is not recommended. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.
