Search

script: https://i.{BLOCKED}r.com/96vV0YR.png http://oi65.{BLOCKED}c.com/2z8thcz.jpg Connects to the following URL to check the country of the IP address: https://{BLOCKED}o.io/country The malware does not

message and URL inside the PDF, tricking users to click on the link: PDF/Phishing.A.Gen trojan (NOD32) Spammed via email, Dropped by other malware Connects to URLs/IPs

message and URL inside the PDF, tricking users to click on the link: Dropped by other malware, Spammed via email Connects to URLs/IPs

writing, the said site is inaccessible. --> NOTES: This Trojan shows the following fake message and URL inside the PDF, tricking the users to click on the link:

visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}la.com/fwltxgf.exe It saves the files

CVE-2008-1368 CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A)

functions. This browser plug-ins checks for the value of the following: SCode URL Epoch S/Kryptik.ATB trojan (ESET-NOD32), JS:Trojan.Script.CMT (BitDefender) Downloaded from the Internet, Dropped by other

URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Other Details This Trojan requires its main component to successfully perform its

\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed

NOTES: This Trojan is used to create a network traffic as transport device interface for the URL {BLOCKED}new.{BLOCKED}google.com. It may connect to the following: {BLOCKED}2.4.{BLOCKED}3.78 on ports 80,

a file from a certain URL then renames it before storing it in the affected system. As of this writing, the said sites are inaccessible. Arrival Details This Trojan arrives as an attachment to email

a file from a certain URL then renames it before storing it in the affected system. As of this writing, the said sites are inaccessible. Arrival Details This Trojan arrives as an attachment to email

clicked, it connects to the malicious URL and executes the downloaded file. It displays a message box once the downloaded file is successfully run. Spammed via email Connects to URLs/IPs, Downloads files,

file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This spyware does the following: Opens the following possibly malicious url in the

malicious file: https://{BLOCKED}ntation.com:443/{pseudo-random characters} It saves downloaded files into certain folders. Other Details This Trojan does the following: It accesses a URL that is

or as a file downloaded unknowingly by users when visiting malicious sites. Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected

Verifier Cache Remote Code Execution (CVE-2012-1723) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by

Description Name: Data-stealing malware - URL used as drop site - HTTP (Request) . This is Trend Micro detection for packets passing through HTTP network protocols that can be used as N/A. This also indicates a malware infection. Below are some indic...

following URL: http://wmi.my{BLOCKED}u:8888/kill.html It access the following URL where it downloads a file and then execute: http://wmi.my{BLOCKED}u:8888/test.html However, as of this writing, the said sites

This Trojan does the following: It disguises itself as a login page to confirm a shipment. It displays a fake error message upon signing in. It connects to the following URL to get the image for the fake