Search
Keyword: JS_XORBAT.A
banking or finance-related websites. It attempts to get information from a list of banks or financial institutions. Dropping Routine This spyware drops the following files: %Application Data%\{random1}\
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives as an attachment to spammed email claiming to be from a security researcher. It drops a malicious JavaScript that drops a backdoor. To get a one-glance comprehensive view of the
This Trojan may be hosted on a website and run when a user accesses the said website. Arrival Details This Trojan may be hosted on a website and run when a user accesses the said website. NOTES: Once
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
(IE) activities of the affected system, specifically the address bar or title bar. It recreates a legitimate website with a spoofed login page if a user visits banking sites with the following strings
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
downloaded by a user while visiting the following malicious websites: http://{BLOCKED}t.net:81/sx14nx7/fda.exe Installation This spyware adds the following folders: %Application Data%\{random1} %Application
This worm may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It also has rootkit capabilities, which enables it to hide its processes and
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be hosted on a website and run when a user accesses the said website. It executes the downloaded files. As a
BLOCKED: http://img130.imagehacks.ws/img130/4302/logo.jpeg This Trojan executes when a user accesses certain websites where it is hosted. It may be hosted on a website and run when a user accesses
Vulnerability to allow an attacker to run commands on the affected system. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. Arrival Details This
This Trojan executes when a user accesses certain websites where it is hosted. It may be hosted on a website and run when a user accesses the said website. As of this writing, the said sites are
This JavaScript file links to a malicious link which contains a fake video entitled, "This is the best April Fools' prank ever!" . After attempting to play the video, it prompts the user to login.
This Trojan may be hosted on a website and run when a user accesses the said website. However, as of this writing, the said sites are inaccessible. This is the Trend Micro detection for files that
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies the Internet Explorer Zone Settings. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a