Search
Keyword: URL
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}esteward.com/css/Document1704.exe It saves the files it downloads using the following names:
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion path = {malware file path}\{malware file name} Download Routine This Trojan downloads the file from the following URL and renames the file when stored in
Force terminate the following Processes: SpyTheSpy.exe TiGeR-Firewall.exe bavtray.exe Check if running under virtual machine Create a shortcut that will go to a specified url at every system startup Hide
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}ipegauction.ca/wp-content/uploads/2014/07/p2104us77.exe It saves the files it downloads using
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}ntravels.com/wp-content/uploads/2010/02/atlantis1-150x150.exe It saves the files it downloads
files are exhibited on the affected system. Other Details This Trojan deletes itself after execution. NOTES: This Trojan accesses the URL {BLOCKED}.{BLOCKED}.35.133:33136/0912us21/{Computer Name}/0/{OS
Modification This spyware modifies the Internet Explorer Zone Settings. NOTES: This spyware accesses the URL https://www.pinterest.com/pin/{BLOCKED}5416/ to retrieve the server IP address of fake login pages. It
information on the affected computer: Computer Name OS Version RAM NOTES: This backdoor pings the following URL to get its IP address where it connects to send and receive information from malicious user: file.
Spammers take advantage of the news regarding the supposedly merging of Skype, Hotmail, and MSN to lure users into downloading this malware. The spammed message includes a URL that points to this
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: fool twin Other Details This Trojan takes advantage of
the URL to report status and to receive data. It is capable of brute forcing Windows logon users via a list of passwords from the received data. Trojan:Win32/Tibrun.B (Microsoft), Trojan.Asprox.B
}p.sst1.info/files/nb1/index.html?{random} {URLs found in the downloaded file, index.html} It connects to the following URL as a notification for successful download routine. http://{BLOCKED}p.{BLOCKED}t1.info/files/nb1/success.asp?
downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads
the Internet Explorer Zone Settings. NOTES: This Trojan may connect to the URL http://{BLOCKED}cription/gate.php to download the key used in encrypting the files. The .eml file where the malware may
\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following
request to the remote URL to download a file which it executes on the machine. It then sends the results of the executed file back to the remote server. Dropped by other malware Connects to URLs/IPs,
This Trojan Spy connects to the following Facebook URL to steal victim's information: https://secure.facebook.com/payments/settings/payment_methods/?__a=1
URL to steal victim's information: https://secure.facebook.com/payments/settings/payment_methods/?__a=1 https://www.facebook.com//bluebar/modern_settings_menu/ https://www.facebook.com/bookmarks/pages
('Net'+'.'+'Webc'+'lient'))).(('Downloadst'+'ri'+'ng')).InVokE((('http:'+'//{BLOCKED}'+'{BLOCKED}'+'{BLOCKED}'+'{BLOCKED}l.com/les'+'s.'+'da'+'t')))) It connects to the following URL to execute a malicious script: http://
said sites are inaccessible. Other Details This Exploit does the following: It connects to the following URL to execute a malicious script: https://a.{BLOCKED}o.{BLOCKED}e/wxbdpx.hta The malicious script