VirusW97M/Ostrich.B
Analysis
- Virus exists within the class macro storage
- Virus hooks Word event handler which prevents the
opening or closing of infected files, or creating
new ones in an infected host
- Virus is highly polymorphic due to algorithmic
variable replacement within its virus code
- Virus contains a date comparison routine which is never true - the code will only execute if it is the 34th day of the month
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |