Virus

W32/Rux.E!tr.bdr

Analysis



  • It drops a copy of itself into the Windows system directory as FlyingMarqu.scr (i.e. <SystemDir>\FlyingMarqu.scr, where <SystemDir> is the system directory placeholder used in this entry).

  • The malware also attempts to connect to "wwp.mirabilis.com". Note that it uses "wwp" instead of "www", so the hostname lookup would fail to resolve. mirabilis.com is a known ICQ host; the malware may intend to use this channel to obtain remote backdoor commands. Because the name does not resolve, the observable artifact on an infected host is the failed (NXDOMAIN) lookup itself rather than an established connection.


  • Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.
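The two indicators in this entry (the dropped screensaver in the system directory and the lookup of the non-resolving host "wwp.mirabilis.com") can be matched offline against a DNS query log and a directory listing. The following is an added example and not Fortinet's own code; the log format, the sample records and the directory listing are constructed for illustration, and the field names (client, query, rcode) are assumptions about the log source.

```python
"""Offline IOC matcher for this entry's two indicators (added example).

Both sample inputs below are constructed for illustration; the DNS log
format (client=/query=/rcode= fields) is an assumption, not a real product's.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

IOC_HOST = "wwp.mirabilis.com"   # typo'd ICQ host named in the analysis
IOC_FILE = "FlyingMarqu.scr"     # dropped copy in the system directory

# Constructed DNS query log: one lookup per line. The infected client
# repeats the failing lookup, which is the detectable artifact.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z client=10.0.0.5 query=www.mirabilis.com rcode=NOERROR
2024-01-01T10:00:07Z client=10.0.0.9 query=wwp.mirabilis.com rcode=NXDOMAIN
2024-01-01T10:00:09Z client=10.0.0.9 query=WWP.MIRABILIS.COM. rcode=NXDOMAIN
2024-01-01T10:00:12Z client=10.0.0.7 query=example.org rcode=NOERROR
malformed line that carries no query field
"""

# Constructed listing of a Windows system directory (case varies on disk).
SAMPLE_SYSTEM_DIR = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\FlyingMarqu.scr",
    r"C:\Windows\System32\flyingmarqu.SCR",
    r"C:\Windows\System32\ssText3d.scr",
]

LINE_RE = re.compile(
    r"client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+rcode=(?P<rcode>\S+)"
)


@dataclass(frozen=True)
class Hit:
    kind: str      # "dns" or "file"
    source: str    # client address or file path
    evidence: str  # what matched


def normalize_host(name: str) -> str:
    """Lowercase and strip a trailing dot so FQDN variants compare equal."""
    return name.rstrip(".").lower()


def scan_dns_log(text: str) -> List[Hit]:
    """Return one Hit per lookup of the IOC host, skipping unparseable lines."""
    hits: List[Hit] = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query record; ignore rather than fail the scan
        if normalize_host(m["query"]) == IOC_HOST:
            hits.append(Hit("dns", m["client"], f"{m['query']} ({m['rcode']})"))
    return hits


def lookups_per_client(hits: List[Hit]) -> Dict[str, int]:
    """Count IOC-host lookups per client; repeats suggest a retry loop."""
    return dict(Counter(h.source for h in hits if h.kind == "dns"))


def scan_system_dir(paths: List[str]) -> List[Hit]:
    """Flag any file whose name matches the dropped copy, case-insensitively."""
    want = IOC_FILE.lower()
    return [
        Hit("file", p, IOC_FILE)
        for p in paths
        if p.rsplit("\\", 1)[-1].lower() == want
    ]


if __name__ == "__main__":
    dns_hits = scan_dns_log(SAMPLE_DNS_LOG)
    for h in dns_hits + scan_system_dir(SAMPLE_SYSTEM_DIR):
        print(f"{h.kind:4} {h.source:40} {h.evidence}")
    print("lookups per client:", lookups_per_client(dns_hits))
```

The hostname comparison normalises case and the trailing dot because resolvers and logging products differ on both; the filename comparison is case-insensitive because NTFS is. A client that shows repeated NXDOMAIN answers for this one name is the host to quarantine and check for the dropped file.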