W97M/Ostrich.B
Analysis
- Virus exists within the class macro storage
- Virus hooks the Word event handler, which prevents the opening or closing of infected files, or the creation of new ones, on an infected host
- Virus is highly polymorphic due to algorithmic variable replacement within its virus code
- Virus contains a date comparison routine which is never true: the code will only execute if it is the 34th day of the month
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |