Virus

Adware/ExitFuel

Analysis

Adware/ExitFuel when browsed or executed hides or minimizes the window shown below:

         

This adware displays popup images with links described below:

Auction Citieslink to auctioncities.com
Satisfy the IMPULSElink to http://passion.com
Where can you find Hollywood's Hottest Stars?link to http://www.netbroadcaster.com
Crystal Palace Online Casinolink to http://www.crystalpalacecasino.com
The Groovy Movie Showlink to http://www.netbroadcaster.com/new/movies/groovy.html
Welcome to PartyBingo.comDownloads PartyBingo.exe
5 million beautiful singleslink to http://www.date.com/
Streamwaves joins the Rhapsody Revolutionlink to http://www.date.com/
Never cross the room to talk to a snob again.link to http://www.date.com/
Bikini Screen SaverDownloads "Bikini Screen Saver"

Listed below are the sites visited in executing this javascript Adware:

crystalpalacecasino.com
www.accessmedia.tv
z1.adserver.com
www.auctioncities.com
passion.com
update.contentdeliverymodule.com
www.date.com
ifcol.exitfuel.com
cdn.fastclick.net
download.fordaleltd.com, dldw.fordaleltd.com, www2.fordaleltd.com nitrous.internetfuel.com, adserv.internetfuel.com, banserver.internetfuel.com friendfinder.m7z.net
www.netbroadcaster.com
www.onlinemediasales.com
www.partybingo.com, tracker.partybingo.com
ads.primeinteractive.net
www.promotionstat.com
www-web.real.com
www.streamwaves.com
download.targetnetworks.net
banners.valuead.com, bsads.valuead.com

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option