Virus

W32/TrojanDropper.fam

Analysis

  • Modifies the main page of Microsoft Internet Explorer to the following:

    by modifying the registry subkey:
    HKCU\Software\Microsoft\Internet Explorer\Main
  • Lowers internet security settings by modifying the following values in the registry:
    • SYSTEM = 0
    • CurrentLevel = 1000
    • Flags = 1
    • 1001 = 0
    • 1004 = 0
    • 1200 = 0
    • 1201 = 1
    • 1400 = 0
    • 1402 = 0
    • 1405 = 0
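One way to check a host for the values listed above, as an added example that is not part of the original write-up: it parses the text of a `.reg` export and reports any key that holds the listed data. The page does not name the key that holds these values or the number base of CurrentLevel, so the check scans every key in the export and uses only Flags and the seven numeric-named values; the sample export and its key names are constructed.

```python
import re

# Values taken from the write-up's list. SYSTEM and CurrentLevel are left out
# because the page does not give their type or number base.
LISTED = {"Flags": 1, "1001": 0, "1004": 0, "1200": 0,
          "1201": 1, "1400": 0, "1402": 0, "1405": 0}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for DWORD values in .reg text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key, val = KEY_RE.match(line), DWORD_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = int(val.group(2), 16)  # .reg DWORDs are hex
    return keys

def matching_values(text, threshold=len(LISTED)):
    """Return {key_path: matching names} for keys with >= threshold matches."""
    report = {}
    for path, values in parse_reg_export(text).items():
        hits = sorted(n for n, v in LISTED.items() if values.get(n) == v)
        if len(hits) >= threshold:
            report[path] = hits
    return report

# Constructed sample export (key names are placeholders, not from the page).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Example\ZoneA]
"Flags"=dword:00000001
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000001
"1400"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000

[HKEY_CURRENT_USER\Example\ZoneB]
"Flags"=dword:00000043
"1200"=dword:00000000
'''
print(matching_values(SAMPLE))
```

Lowering `threshold` reports partial matches, which is useful when only some of the values were changed or later restored.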

Recommended Action

  FortiGate systems:
  • Using the web interface of your FortiGate unit, check the main screen to confirm that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.