Virus

JV/Nocheat

Analysis

  • Trojan is a Java applet, compiled from a source file named "nocheat.java"
  • Trojan is only a threat on systems that are not patched with the latest Java Virtual Machine (VM) updates
  • If Java is enabled, and a system is vulnerable to the specific JVM exploit, the applet could read and write Internet Explorer configuration information from the system registry
  • The Trojan code could manipulate the values of the Main Page, Start Page, Search Page or other custom pages, and may add unsafe web sites into the "SafeSites" settings in the registry location -

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Internet Settings\SafeSites

  • Trojan could manipulate the installed "hosts." file located in the path -

    undefinedWindowsundefined\System32\drivers\etc\hosts

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option