As part of Fortinet’s continued efforts to protect its customers, we carry out a variety of tests to improve the detection of malicious content, whether it is file- or network-related. While checking out some HTTPS phishing websites last month, one URL stood out. It wasn’t a phishing site, but it downloaded a file called BR52357896253ex.zip (which is detected as “Java/Banload.BD!tr” by the Fortinet AntiVirus service) from a file-sharing website. The compressed file contained a JAR file that downloaded additional files, created Visual Basic scripts and a scheduled task, and executed a malicious DLL that injected itself into a legitimate process to steal the login credentials typed by the user on specific websites.
Fortinet Blog