• Virus is 32bit, with a UPX compressed size of 52,898 bytes
  • Virus may copy itself to the Windows folder, then modify the registry to run at Windows startup, as in this example –

    System Tray = C:\Windows\msccn32.exe

    System Tray = C:\Windows\msccn32.exe

  • Virus will scavenge the local drive for email addresses and send a copy of itself to addresses found in varying email formats, based on a randomly selected subject line and body text

  • The attachment will be 52,898 bytes and with a .PIF extension

  • Virus may attempt to connect to systems on a network and copy itself to the StartUp folder if a writable share is located

Recommended Action

  • Ensure that you are using the minimum FortiGate Definition version (listed at the top of this description).
  • As an added measure of security, you may choose to block files with the extensions: ".PIF", and ".PI*".