Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software. Because this is a generic detection, files detected as Riskware/OpenCandy may vary in the unwanted software they try to download. One of the applications that we have seen it download is The Weather Channel.
- It performs a DNS query to the following name:
- Below is a screenshot of the traffic packets made by this installer:
- Figure 1: DNS query.
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.