Virus

W32/Saye!tr

Analysis

  • The Trojan is a 32-bit program with a compressed file size of 7,541 bytes
  • The Trojan is a hacking tool used to exploit systems that have not been patched with the RPC DCOM patches from Microsoft
  • The Trojan is a command-line program that could be used to compromise a system by exploiting an RPC buffer overflow on the target system
  • If the hacking tool succeeds in exploiting the target, the target system could have a newly created user account named "e" with a password of "asd#321"
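
The account named "e" described above is the one host-side indicator this entry gives. The following check is an added example, not part of the original entry or of any vendor tooling. It assumes an elevated Windows PowerShell 5.1 or later session and that account-management auditing is enabled, so that account creation is logged as Security event ID 4720 (ID 624 on older Windows versions).

```powershell
# Added example: look for the local account "e" described in the analysis.
# Assumptions: Windows PowerShell 5.1+ (LocalAccounts module), elevated session,
# account-management auditing enabled. Event ID 4720 = "A user account was
# created" on Windows Vista / Server 2008 and later (older systems: ID 624).
$Name = 'e'

$account = Get-LocalUser -Name $Name -ErrorAction SilentlyContinue
if ($account) {
    # List the local groups the account belongs to; membership in
    # Administrators raises the severity of the finding.
    $groups = Get-LocalGroup | Where-Object {
        $members = Get-LocalGroupMember -Group $_ -ErrorAction SilentlyContinue
        $members.SID.Value -contains $account.SID.Value
    } | Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Account         = $account.Name
        Enabled         = $account.Enabled
        PasswordLastSet = $account.PasswordLastSet
        LastLogon       = $account.LastLogon
        Groups          = $groups -join ', '
    }
} else {
    "No local account named '$Name' on $env:COMPUTERNAME"
}

# Account-creation events whose new account name is exactly "e".
# This still finds the creation after the account itself has been deleted.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        # Flatten the named <Data> fields of the event into a hashtable
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['TargetUserName'] -eq $Name) {
            [pscustomobject]@{
                TimeCreated = $evt.TimeCreated
                NewAccount  = $data['TargetUserName']
                CreatedBy   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            }
        }
    }
```

On systems without the LocalAccounts module, `net user e` answers the first question. A hit only shows that an account with this name exists and should be correlated with the host's RPC DCOM patch status.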

Recommended Action

  • Check the main screen of your FortiGate unit's web interface to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option
  • Ensure that all systems are updated with the latest Microsoft patches against RPC DCOM exploits