Virus

Riskware/OpenCandy

Analysis

Riskware/OpenCandy is a generic detection for a type of grayware that downloads and installs other potentially unwanted software. Because the detection is generic, files detected as Riskware/OpenCandy may differ in which unwanted software they try to download. One of the applications that we have seen it download is The Weather Channel.

  • It performs a DNS query for the following name:
    • api.opencandy.com

  • Below is a screenshot of the traffic packets made by this installer:

    • Figure 1: DNS query.
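The DNS query to api.opencandy.com is the one observable network indicator this entry gives, so the following is an added example (not part of this Fortinet entry) of how a defender could check DNS query logs for it. The log format is a constructed "timestamp client qtype qname" layout, not any particular product's format; the matcher also treats subdomains of api.opencandy.com as hits, which goes slightly beyond the exact name the entry lists, and it avoids the common false positive where a longer name merely ends in the same characters (e.g. notapi.opencandy.com).

```python
# Added example, not Fortinet's code: flag DNS queries for the OpenCandy API
# host in query logs. The log layout below is constructed for this example.
from typing import Dict, Iterable, List

OPENCANDY_DOMAIN = "api.opencandy.com"  # name from the encyclopedia entry

# Constructed sample log lines: "<timestamp> <client ip> <qtype> <qname>".
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 A api.opencandy.com.
2024-01-01T10:00:01Z 10.0.0.5 A cdn.example.net.
2024-01-01T10:00:02Z 10.0.0.7 AAAA API.OPENCANDY.COM
2024-01-01T10:00:03Z 10.0.0.9 A notapi.opencandy.com
2024-01-01T10:00:04Z 10.0.0.9 A foo.api.opencandy.com.
malformed line
"""


def normalize_qname(qname: str) -> str:
    """Strip the trailing root dot and fold case so names compare reliably."""
    return qname.rstrip(".").lower()


def matches_domain(qname: str, domain: str = OPENCANDY_DOMAIN) -> bool:
    """True if qname is the domain itself or a subdomain of it.

    The leading dot in the suffix check prevents 'notapi.opencandy.com'
    from matching 'api.opencandy.com'.
    """
    q = normalize_qname(qname)
    d = normalize_qname(domain)
    return q == d or q.endswith("." + d)


def find_opencandy_queries(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per log line whose queried name matches the domain."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:  # skip malformed or truncated lines
            continue
        ts, client, qtype, qname = parts[:4]
        if matches_domain(qname):
            hits.append({
                "timestamp": ts,
                "client": client,
                "qtype": qtype,
                "qname": normalize_qname(qname),
            })
    return hits


if __name__ == "__main__":
    for hit in find_opencandy_queries(SAMPLE_DNS_LOG.splitlines()):
        print(f"{hit['timestamp']} {hit['client']} queried {hit['qname']} ({hit['qtype']})")
```

Each hit identifies a client that may have run an OpenCandy-bundled installer; the client address is the useful pivot for locating the file that the Recommended Action below says to quarantine.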

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.