MikeRigsby
New Member
March 17, 2016
Solved

Virus/Worm detected: JS/Moat.2081C96D!tr hits on FortiGate 200D FW: v5.2.2, build642

  • March 17, 2016
  • 1 reply
  • 12739 views

We are getting alerts from various network PCs alerting to Virus/Worm detected: JS/Moat.2081C96D!tr with Destination IPs directing to various website hosts, like Digital Ocean or GoDaddy.

MOAT.js is a legitimate JavaScript API, but the email alerts are so cryptic that it's tough to tell if these alerts are legitimate activity, like the local Java installation attempting to update, or if they're actually a worm attempting to communicate out.

Has anyone else seen these alerts and perhaps have more information on "Virus/Worm detected: JS/Moat.2081C96D!tr"? There isn't much of anything in any virus definition database online discussing details of it.

    DCTI
    Best answer
    New Member
    March 17, 2016

    Also seeing this.  ESET does not pick this up after doing an on-demand scan.

    MikeRigsby
    New Member
    March 17, 2016

    Yeah, same here. We're running ESET and all scans come back clean, which is why I'm wondering if this is a false positive from our FortiGate.

    akaur786
    New Member
    March 17, 2016

    We are running FortiGate 310B FW v5.0, build0271. We are also having the same issue. At least 5 users got blocked from the web today, and when I ran reports in FortiAnalyzer for them, the threat names below are listed:

    JS/Moat.2081C96D!tr 3

    JS/Moat.A9BA34BC!tr 3

    JS/Redirector.CN!tr