W32/Binet!tr
Analysis
Specifics
This threat is a downloader which retrieves adware from
a hosted Internet server. This downloader/dropper threat
is typically installed when visiting web sites which
host adware. Common websites include porn sites, video
game cheat code sites and gambling web sites.
The web page may write a dropper/installer file named "insttt.exe", known to FortiGate AV definitions as "W32/Binet-dr"; this dropper file is then executed. Next, the adware is retrieved from the hosting servers.
Miscellaneous
Comments associated with the adware include this -
"Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info."
Recommended Action
- Check the main screen using the web interface for
your FortiGate unit to ensure that the latest AV/NIDS
database has been downloaded and installed on your
system - if required, enable the "Allow Push
Update" option
- Using the FortiGate manager, add these IP addresses
and website names to the list of URLs to block -
69.90.32.140
69.90.32.141
thinstall.abetterinternet.com
download.abetterinternet.com
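
To find which internal machines already contacted these servers or fetched the dropper, the indicators above can be matched against web proxy logs. The following is an added example, not part of the original advisory or any Fortinet tooling; the log format, the function names and the sample log lines are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Indicators copied from this page.
BLOCKED_HOSTS = {"thinstall.abetterinternet.com", "download.abetterinternet.com"}
BLOCKED_IPS = {"69.90.32.140", "69.90.32.141"}
DROPPER_NAME = "insttt.exe"

# Constructed sample log (assumed format: time client method url status).
SAMPLE_LOG = """\
2004-01-05T10:00:01 10.0.0.5 GET http://www.example.com/index.html 200
2004-01-05T10:00:07 10.0.0.5 GET http://THINSTALL.abetterinternet.com:80/insttt.exe 200
2004-01-05T10:01:12 10.0.0.9 GET http://69.90.32.141/files/update.cab 200
2004-01-05T10:02:30 10.0.0.7 GET http://cheats.example.net/dl/INSTTT%2EEXE?id=1 200
2004-01-05T10:03:44 10.0.0.8 GET http://download.abetterinternet.com.example.org/ 404
"""

def match_url(url):
    """Return the reasons (possibly none) a URL matches the page's indicators."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").rstrip(".")  # lower-cased, port removed
    except ValueError:  # malformed URL: nothing to match on
        return []
    reasons = []
    if host in BLOCKED_HOSTS:  # exact match, so look-alike parent domains miss
        reasons.append("blocked-host")
    if host in BLOCKED_IPS:
        reasons.append("blocked-ip")
    # Compare the decoded last path segment, ignoring case and query string.
    if unquote(parts.path).rsplit("/", 1)[-1].lower() == DROPPER_NAME:
        reasons.append("dropper-filename")
    return reasons

def clients_to_check(log_text):
    """Map each client IP to the sorted reasons seen across its requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip lines that do not fit the assumed format
        hits[fields[1]].update(match_url(fields[3]))
    return {client: sorted(r) for client, r in hits.items() if r}

if __name__ == "__main__":
    for client, reasons in clients_to_check(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

Clients reported with "dropper-filename" requested a file with the dropper's name and are the first candidates for an AV scan.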