Keyword: URL
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
"ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.
cybercriminals behind this attack not only used a convincing interface for the fake Adobe installer, they also utilized a URL that strongly suggested that it is an Adobe-related site. How do affected users remove
network for machines using VNC; Send links via MSN Messenger; Spread via USB; TCP flooding; UDP flooding; Update itself; Visit a URL. It propagates through the following P2P applications: Ares, BearShare, DC++, Emule
connects to a URL to send and receive information. This worm may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious
malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Information Theft This backdoor gathers the following data: OS
from a remote malicious user: MSN spreader; P2P Spreader; DDOS (TCP/UDP Flooding); Retrieve Stored Browser Passwords; Update / Remove self; Download and execute arbitrary files; USB Spreader; Visit a URL /
configuration file contains a URL where the malware can download other files, an update of itself, file name to use, and malware version. If an update of itself is available, it renames itself to old_dd800s.exe,
will be monitored by the malware. It also contains the drop zone and the URL where a backup configuration file can be downloaded. Information Theft It monitors the browser activities of the affected
Manager [CLASS:ConsoleWindowClass] Download Routine This worm accesses the following websites to download files: http://www.avira.com - non-malicious URL It saves the files it downloads using the following
the rogue product, users are directed to a certain website asking for sensitive information, such as credit card numbers. When users agree to buy the software, it connects to the following URL to
of Google search function, wherein it returns a link that contains the malicious URL and file when a user keys in Tsunami hitting Hawaii. To get a one-glance comprehensive view of the behavior of this
) NOTES: It connects to the following URL to send and receive information: ssl.{BLOCKED}ed-clouder.com dns.{BLOCKED}ed-clouder.com Collects system information, Steals information
uses the following URL Query strings to send data via HTTP POST: sendlog.php name="logfile" file name="User Temp%\system.log" recvdata.php rawdata={data} tmpdata={data} procdata={data} Downloaded from
overwrites with the encrypted binary from URL (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server
Temp%\tep-D366.txt - overwrites with the encrypted binary from URL (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on
application. It needs another plugin/component gforce_dll for its URL spoofing for the following websites: hotmail.com facebook.com live.com Trojan-Dropper.Win32.Injector.jsuq, Trojan.Autoit.F (VBA32) ZeuS, More
file setm.ini. This configuration file contains the following: Sleep time of the malware; URL it connects to; File names of the component files; Bot ID. It connects to the following remote site to download