Adware/Agent
Analysis
Adware/Agent is classified as Adware.
Adware are software components that display unsolicited advertisements.
For additional information about Adware, and how Fortinet classifies
Spyware threats please see Fortinet's paper in PDF format:
Spyware Classification and Terms.
- It drops a file with an extension of .fld. It copies the filename of the original executable file. For example, if the original executable file is randomFile.exe, it drops the file named randomFile.fld. This .fld file is a text file containing the path for the malicious copy of itself.
- This malware chooses a path by looking for a random folder under the Program Files folder. It then copies a random filename from the chosen folder. Files that are chosen are usually those that have an extension than is not exe. It then drops a copy of itself to that directory using the copied filename with the exe extension name.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |