Keyword: ms
Description Name: CVE-2017-5689 - Authentication bypass - HTTP (Request). This is Trend Micro detection for packets passing through HTTP network protocols that can be used as Point of Entry or Lateral Movement. This also indicates a malware infectio...
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: "%System%\cmd.exe" /C Ms^Ie^Xe^C /i
Description Name: CVE-2022-30216 - WINDOWS SERVER SERVICES TAMPERING EXPLOIT - SMB2(REQUEST). This is Trend Micro detection for packets passing through SMB2 network protocols that can be used as Point of Entry or Lateral Movement. This also indicate...
credentials from the following: MS Outlook MS Outlook Express Gmail Google Talk Google Picasa GMail Notifier Google Desktop Search Mail Yahoo! Mail IncrediMail Mozilla Thunderbird FoxMail Windows Live Mail MSN
itself whenever the user logs in %System%\Tasks\Update\{Random file name} It attempts to get stored credentials from the following: Eudora MS Outlook MS Outlook 2002/2003/2007/2010 Google Desktop Windows
server, username and password from the following: Microsoft FTP FileZilla FTP Commander JDownloader v2.0 Steam Attempts to get stored credentials from the following: Eudora MS Outlook MS Outlook
certain versions of Microsoft Excel. To exploit the vulnerabilities, an attacker must persuade a potential victim to open a malicious MS Excel file. Users who are logged on as administrators are more in
mail MS Outlook Stored messenger passwords and their versions: MSN Messenger Google Talk Windows Live Messenger Other stored accounts and their versions: Gmail Notifier Google Desktop Other Details This
using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date IDF
%System Root% is the root folder, which is usually C:\. It is also where the operating system is located.) It adds the following registry keys: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) It
the compressed .RAR file on their systems, the extracted file detected by Trend Micro as TROJ_SASFIS.HBC is installed on the affected system. The said file appears to be an MS Excel file named as
file name} It attempts to get stored credentials from the following: Eudora MS Outlook MS Outlook 2002/2003/2007/2010 Google Desktop Windows Mail Windows Live Mail Outlook 2013 Outlook 2016 Incredimail
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run MS SERVICES = "%User Profile%\Application Data\AcroRd32Info.exe" Dropping Routine This Trojan drops the following files: %User Temp%\tmp26019.exe %User
_locales\it\messages.json _locales\ja\messages.json _locales\ko\messages.json _locales\ms\messages.json _locales\nl\messages.json _locales\no\messages.json _locales\pl\messages.json _locales\pt\messages.json
following registry keys: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This Trojan drops the following files: %Common Startup%\system32.exe (Note: %Common Startup% is the system's
following registry keys: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\ MS SETUP (ACME) Dropping Routine This spyware drops the following files: %Common Startup%\system16.exe (Note: %Common Startup% is the system's
files are exhibited on the affected system. As of this writing, the said sites are inaccessible. NOTES: The MS Word document which contains malicious macro code contains the following message:
Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) The MS Excel file contains the following fake details luring users to enable macro content: Spammed
Win32/Exploit.CVE-2014-4114.A (ESET), Trojan.PPDropper (Symantec) An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm” October 2014 Patch Tuesday Fixes Sandworm Vulnerability MS Zero-Day Used in Attacks
the malware in %temp% folder} HKEY_Current_User\Microsoft\Windows\ CurrentVersion\Run "MS Sound Drivers" = {dropped copy of the malware in %temp% folder} HKEY_Current_User\Microsoft\Windows