JS/Ject.B

Analysis

Specifics
This threat combines several vulnerabilities and exploits in order to run its code. It has been speculated that several websites were compromised and that the malicious code was uploaded to them.
One of the scripts uses an Object Data tag to download and run 'help.chm'. This compiled HTML file extracts a binary, "helper.exe", which may download adware components. In addition, the Internet browser may be directed or redirected to a web page, and the start page may be modified.
The threat uses a combination of misdirection, encoded scripting, and a "msits/mhtml" vulnerability in order to execute code on the target system.
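
For triage of saved pages or proxy captures, the Object Data behaviour described above can be checked with a short scanner. This is an added example, not Fortinet's detection logic; the handler prefixes, function names and sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed indicators derived from the description above: an OBJECT tag whose
# data attribute uses a help/MHTML protocol handler or targets a .chm file.
SUSPECT_SCHEMES = ("ms-its:", "its:", "mk:@msitstore:", "mhtml:")

def classify(value):
    """Return the reasons (possibly none) why a data attribute looks suspicious."""
    v = "".join(ch for ch in value.lower() if ch not in "\t\r\n").strip()
    reasons = []
    if v.startswith(SUSPECT_SCHEMES):
        reasons.append("help/mhtml protocol handler")
    # Drop any '::/topic' suffix, query or fragment before checking the extension.
    path = v.split("::")[0].split("?")[0].split("#")[0]
    if path.endswith(".chm"):
        reasons.append("compiled HTML Help target")
    return reasons

class ObjectDataScanner(HTMLParser):
    """Collects (line, data value, reasons) for every flagged <object> tag."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        # HTMLParser has already decoded character references in the value,
        # so entity-encoded prefixes are compared in their decoded form.
        data = dict(attrs).get("data") or ""
        reasons = classify(data)
        if reasons:
            self.findings.append((self.getpos()[0], data, reasons))

def scan(html_text):
    scanner = ObjectDataScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.findings

# Constructed sample page; example.invalid never resolves.
SAMPLE = """<html><body>
<object data="http://example.invalid/files/help.chm"></object>
<object data="&#109;s-its:mhtml:http://example.invalid/a.mht"></object>
<object data="/media/clip.swf"></object>
</body></html>"""

if __name__ == "__main__":
    for line, data, reasons in scan(SAMPLE):
        print(f"line {line}: {data!r} -> {', '.join(reasons)}")
```

A hit is a lead for review rather than a verdict, since the check looks only at the tag and not at the content behind it.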

Recommended Action

  • Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

Telemetry

Detection Availability

FortiClient: Extreme
FortiMail: Extreme
FortiSandbox: Extreme
FortiWeb: Extreme
Web Application Firewall: Extreme
FortiIsolator: Extreme
FortiDeceptor: Extreme
FortiEDR