Search
Keyword: URL
CertificateRevocation = "0" Other Details When users agree to buy the software, it connects to the following URL to continue the purchase: {BLOCKED}low.org {BLOCKED}ought.org {BLOCKED}rface.org {BLOCKED}ept.org {BLOCKED
(TCP/UDP Flooding) Retrieve Stored Browser Passwords Update / Remove self Download and execute arbitrary files USB Spreader Visit a URL / Display pop-up advertisements It connects to the following URL(s) to
" HKEY_CURRENT_USER\Software\Microsoft\ WAB\WAB4\Wab File Name Default = "%Application Data%\Microsoft\Address Book\winxp.wab" Download Routine This spyware downloads the file from the following URL and renames the
Routine This Trojan executes the following commands from a remote malicious user: Download and execute files Perform Slowloris flooding Execute shell commands Copy itself in removable drives Open a URL
the contents of the configuration file. The configuration file also contains the drop zone where it sends stolen information, the URL where the configuration file can be downloaded, the codes for web
the said registry entry is http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL\ Prefixes www = "http://www.{BLOCKED
{8FE24C7B-78F2-4B29-9357-84C3B4625AEE} DisplayName = "????" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{8FE24C7B-78F2-4B29-9357-84C3B4625AEE} URL = "http://s8.{BLOCKED}o.com/search?q={searchTerms}&pid
{120E090D-9136-4b78-8258-F0B44B4BD2AC} MenuStatusBar = "MaxSpeed" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Use Custom Search URL = "1" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Search Bar =
When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}.{BLOCKED}.174.135 http://{BLOCKED}.{BLOCKED}.170.125
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\wuauserv Rogue Antivirus Routine When users agree to buy the software, it connects to the following URL to continue the purchase: {BLOCKED}kymyje.com {BLOCKED
to purchase the full version of the software. When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}ail.org
\CurrentControlSet\ Services\RapportMgmtService Other Details This Trojan deletes the initially executed copy of itself NOTES: It connects to the following URL to inform a remote malicious user of its installation:
commands. It also connects to a URL in order to listen for these commands as well. This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
product, users are directed to a certain website asking for sensitive information, such as credit card numbers. When users agree to buy the software, it connects to the following URL to continue the
URL to continue the purchase: http://{BLOCKED}begun.org/customers/buy.php NOTES: It changes the attributes of the files on the affected system to Hidden . This is to trick users that the system has
Opera Mini at http://{BLOCKED}y.ru/get/1oZpW , or click Next to automatically reboot. Button Выход : Exit Button Открыть : Open Clicking the button Открыть (Open), the user is directed to the URL http://
contents of the configuration file. The configuration file also contains the "drop zone" where it sends stolen information, URL where the configuration file can be downloaded, codes for web inject, and
information, URL where the configuration file can be downloaded, codes for web inject, and monitored URLs. Other Details It does not have rootkit capabilities. It does not exploit any vulnerability.
spyware attempts to get information from a list of banks or financial institutions. Drop Points The said file is then sent to the following URL via HTTP POST: http://{BLOCKED}.{BLOCKED}.211.116/zs/gate.php
to the following URL: {BLOCKED}ine.no-ip.biz:81 However, as of this writing, the said URL is inaccessible. Worm:Win32/Ainslot.A (Microsoft) Propagates via removable drives Drops files, Steals