Virus

W32/Binet !tr

Analysis


Specifics
This threat is a downloader that retrieves adware from a server hosted on the Internet. The downloader/dropper is typically installed when a user visits web sites that host adware. Common examples include porn sites, video game cheat code sites and gambling web sites.

The web page may write a dropper/installer file named "insttt.exe", known to FortiGate AV definitions as "W32/Binet-dr"; this dropper file is then executed. Next, the adware is retrieved from hosting servers.


Miscellaneous
Comments associated with the adware include this -

"Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info."


Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
  • Using the FortiGate manager, add these IP addresses and website names to the list of URLs to block -

    69.90.32.140
    69.90.32.141
    thinstall.abetterinternet.com
    download.abetterinternet.com
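
A URL block only stops future requests, so the same indicators are worth running against existing web proxy logs to find clients that already reached the hosting servers or fetched the dropper. The following is an added example, not part of the original write-up or any Fortinet tooling; the log line format, client addresses and the `classify`/`hunt` helper names are assumptions made for illustration.

```python
from collections import defaultdict
from posixpath import basename
from urllib.parse import urlsplit

# Indicators taken from this page's block list and dropper description.
BLOCKED_HOSTS = {"69.90.32.140", "69.90.32.141",
                 "thinstall.abetterinternet.com", "download.abetterinternet.com"}
DROPPER_NAME = "insttt.exe"

def classify(target):
    """Return the indicator hits for a requested URL or CONNECT host:port."""
    # CONNECT entries carry "host:port" with no scheme; prefix "//" so
    # urlsplit treats it as a network location rather than a path.
    parts = urlsplit(target if "://" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".")  # lowercased by urlsplit; drop FQDN dot
    reasons = []
    if host in BLOCKED_HOSTS:
        reasons.append("host:" + host)
    if basename(parts.path).lower() == DROPPER_NAME:  # Windows names ignore case
        reasons.append("file:" + DROPPER_NAME)
    return reasons

def hunt(log_lines):
    """Map client IP -> sorted indicator hits; these clients need an AV scan."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:  # skip blank or truncated lines
            continue
        client, target = fields[1], fields[3]
        hits[client].update(classify(target))
    return {c: sorted(r) for c, r in hits.items() if r}

# Constructed sample log (assumed format: time, client, method, target, status).
SAMPLE_LOG = """\
2004-06-01T10:00:01 10.0.0.5 GET http://Download.AbetterInternet.com/files/a.cab 200
2004-06-01T10:00:02 10.0.0.5 GET http://example.org/x/INSTTT.EXE 200
2004-06-01T10:00:03 10.0.0.7 CONNECT 69.90.32.141:443 200
2004-06-01T10:00:04 10.0.0.8 GET http://www.example.com/index.html 200
2004-06-01T10:00:05 10.0.0.9 GET http://thinstall.abetterinternet.com.:80/ 200
""".splitlines()

if __name__ == "__main__":
    for client, reasons in hunt(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

Host names are compared after lowercasing and stripping the port and any trailing dot, so differently written requests for the same listed server still match.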