Riskware/OpenCandy

Analysis


Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software. Because this is a generic detection, files detected as Riskware/OpenCandy may vary in the unwanted software they try to download. One of the applications we have seen it download is The Weather Channel.

  • It performs a DNS query to the following name:
    • api.opencandy.com

  • Below is a screenshot of the traffic packets made by this installer:

    • Figure 1: DNS query.
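
The DNS query above is the observable behaviour a defender can hunt for. Below is an added example, not part of the Fortinet entry, that scans DNS resolver log lines for the api.opencandy.com indicator; the log format, the field names and the sample lines are constructed assumptions, and matching is done on label boundaries so look-alike names do not produce false positives.

```python
import re
from collections import namedtuple

# Indicator taken from the page: the installer queries this name.
OPENCANDY_INDICATORS = ("api.opencandy.com",)

DnsHit = namedtuple("DnsHit", "timestamp client qname indicator")

# Constructed log format (assumption): "<timestamp> <client_ip> query <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def normalize_qname(name: str) -> str:
    """Lower-case the name and drop the trailing dot of a fully qualified name."""
    return name.strip().lower().rstrip(".")


def matches_indicator(qname: str, indicator: str) -> bool:
    """True when qname equals the indicator or is a subdomain of it.

    The comparison is made on label boundaries, so names such as
    'api.opencandy.com.lookalike.example' or 'xapi.opencandy.com' do not match.
    """
    q = normalize_qname(qname)
    ind = normalize_qname(indicator)
    return q == ind or q.endswith("." + ind)


def scan_dns_log(lines, indicators=OPENCANDY_INDICATORS):
    """Return one DnsHit per log line whose queried name matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        for ind in indicators:
            if matches_indicator(m["qname"], ind):
                hits.append(DnsHit(m["ts"], m["client"],
                                   normalize_qname(m["qname"]), normalize_qname(ind)))
                break
    return hits


# Constructed sample log lines (not taken from the page).
SAMPLE_LOG = [
    "2024-04-24T10:15:01Z 10.0.0.12 query api.opencandy.com.",
    "2024-04-24T10:15:02Z 10.0.0.12 query cdn.example.net",
    "2024-04-24T10:15:03Z 10.0.0.33 query API.OpenCandy.com",
    "2024-04-24T10:15:04Z 10.0.0.33 query api.opencandy.com.lookalike.example",
    "2024-04-24T10:15:05Z 10.0.0.40 query xapi.opencandy.com",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} queried {hit.qname} (matches {hit.indicator})")
```

A hit only identifies a host that resolved the name; the clients it reports are the ones to check for the installer and quarantine per the recommended action.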

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate (Extended)
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb (Web Application Firewall)
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date Version Detail
2024-04-24 92.03667
2024-04-24 92.03655
2024-04-22 92.03607
2024-04-21 92.03581
2024-04-20 92.03553
2024-04-19 92.03506
2024-04-17 92.03457
2024-04-17 92.03456
2024-04-17 92.03452
2024-04-17 92.03451