X97M/Barisada.D
Analysis
- Virus hooks Excel event handler which prevents the opening of infected files in order to run its code
- Virus exists in the class code module, normally named "ThisWorkbook"
- Virus verifies whether it has already infected the Excel environment by searching for the file "khm.xls" in the XLStart folder. If the file does not exist, a new workbook is created, infected and then saved as "khm.xls" in the XLStart folder
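A defender-side check for the infection marker described above, as an added example that is not part of the original write-up: it walks the given directories for XLStart folders and reports "khm.xls", plus any other file found there, since Excel opens everything in XLStart at startup. The function names and the default search roots (the APPDATA and Program Files environment variables) are assumptions.

```python
import os
import sys
from pathlib import Path

MARKER = "khm.xls"  # infection-marker file name taken from the analysis above


def xlstart_dirs(roots):
    """Yield every directory named XLStart (any letter case) under the roots."""
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                if d.lower() == "xlstart":
                    yield Path(dirpath) / d


def scan(roots, marker=MARKER):
    """Return (infected, review) lists of paths.

    infected: files whose name equals the marker (case-insensitive, as on NTFS).
    review:   any other file in XLStart; Excel opens everything in that
              folder at startup, so unexpected workbooks deserve a look.
    """
    infected, review = [], []
    for folder in xlstart_dirs(roots):
        for entry in sorted(folder.iterdir()):
            if not entry.is_file():
                continue
            if entry.name.lower() == marker.lower():
                infected.append(entry)
            else:
                review.append(entry)
    return infected, review


def default_roots():
    """Assumed search roots: per-user profile plus Program Files trees."""
    names = ("APPDATA", "ProgramFiles", "ProgramFiles(x86)")
    return [Path(os.environ[n]) for n in names if os.environ.get(n)]


if __name__ == "__main__":
    roots = [Path(a) for a in sys.argv[1:]] or default_roots()
    hits, others = scan(roots)
    for p in hits:
        print(f"MARKER   {p}")
    for p in others:
        print(f"REVIEW   {p}")
    sys.exit(1 if hits else 0)
```

Pass one or more directories (for example a mounted disk image) as arguments to scan those instead of the default roots; the exit code is 1 when the marker file is found.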
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability

| Product | Availability |
|---|---|
| FortiClient | Extreme |
| FortiMail | Extreme |
| FortiSandbox | Extreme |
| FortiWeb | Extreme |
| Web Application Firewall | Extreme |
| FortiIsolator | Extreme |
| FortiDeceptor | Extreme |
| FortiEDR | |