W32/Small.JG!tr
Analysis
This threat was not observed to perform any malicious actions against the system. It connects to adware servers in order to deliver pop-ups and website promotional material to the compromised system.
The threat initially opens a web browser to the site 'c.qckjmp.com', which redirects to the website 'emartresearchgroup.com', which in turn redirects to the site 'serve.alcena.com'. The last site offers the user a free gift in exchange for filling out a lengthy survey.
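The redirect chain described above can be searched for in web proxy or DNS logs. The following is an added example, not part of the original advisory; the log format, the 60-second window, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hostnames from the analysis above, in the order the browser visits them.
CHAIN = ("c.qckjmp.com", "emartresearchgroup.com", "serve.alcena.com")
WINDOW = timedelta(seconds=60)  # assumed maximum duration of one redirect chain

# Constructed sample log, chronological: "<ISO timestamp> <client IP> <host>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 c.qckjmp.com
2024-01-01T10:00:02 10.0.0.5 emartresearchgroup.com
2024-01-01T10:00:03 10.0.0.5 cdn.example.net
2024-01-01T10:00:04 10.0.0.5 serve.alcena.com
2024-01-01T10:05:00 10.0.0.9 c.qckjmp.com
2024-01-01T10:09:00 10.0.0.9 emartresearchgroup.com
2024-01-01T10:09:01 10.0.0.9 serve.alcena.com
2024-01-01T10:10:00 10.0.0.7 serve.alcena.com
"""

def matches(host, name):
    """True if host is name itself or a subdomain of it (not a lookalike suffix)."""
    host = host.lower().rstrip(".")
    return host == name or host.endswith("." + name)

def find_chains(log_text, window=WINDOW):
    """Return (client, start, end) for each full in-order chain seen within window."""
    state = defaultdict(lambda: (0, None))  # client -> (next chain index, start time)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        client, host = parts[1], parts[2]
        step, start = state[client]
        if step and ts - start > window:
            step, start = 0, None  # partial chain went stale
        if matches(host, CHAIN[0]):
            step, start = 1, ts  # first hop (re)starts tracking
        elif step and matches(host, CHAIN[step]):
            step += 1
            if step == len(CHAIN):
                hits.append((client, start, ts))
                step, start = 0, None
        state[client] = (step, start)
    return hits
```

On the constructed sample, only 10.0.0.5 is reported: 10.0.0.9 exceeds the window between hops, and 10.0.0.7 contacts the final host without the earlier hops.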
Recommended Action
FortiGate systems:
- Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.
Detection Availability
- FortiClient: Extreme
- FortiMail: Extreme
- FortiSandbox: Extreme
- FortiWeb: Extreme
- Web Application Firewall: Extreme
- FortiIsolator: Extreme
- FortiDeceptor: Extreme
- FortiEDR