Search
Keyword: URL
routines: Show defrag window Download and saves a file from a URL Change wallpapper Display dialog boxes Hide files Terminate/delete itself Show balloon messages in the system tray Drops files, Downloads
information, the URL where the configuration file can be downloaded, the codes for web inject, and the monitored URLs. PWS:Win32/Zbot.gen!Y (Microsoft) 12 for 2012: What Will The New Year Bring?
executed copy of itself Rogue Antivirus Routine When users agree to buy the software, it connects to the following URL to continue the purchase: {BLOCKED}tect.com {BLOCKED}4233.com {BLOCKED}aralub.com
information, the URL where the configuration file can be downloaded, the codes for web inject, and the monitored URLs. PWS:Win32/Zbot.gen!Y (Microsoft) Downloads files
bank information, such as user names, passwords, or card codes. The stolen information could then be sent to a predetermined email address, to drop zones in hosted servers or to a URL via HTTP post. The
contains the drop zone where it sends stolen information, the URL where the configuration file can be downloaded, the codes for web inject, and the monitored URLs. PWS:Win32/Zbot.gen!Y (Microsoft),
specific URL Set IE home page Grab/delete flashplayer data 12 for 2012: What Will The New Year Bring? Via email, Dropped by other malware
connects to the following URL to report to the remote user if the above-mentioned processes exist in the affected system. It may also download other malicious files from this Website such as
processes It accesses the following URL via HTTP GET to download an updated copy of the malware: {BLOCKED}3.{BLOCKED}ages.net/image.cgi?1 Drops files, Connects to URLs/Ips, Downloads files, Compromises system
Information Theft This Trojan does not have any information-stealing capability. NOTES: This Trojan's configuration file contains the following information: File name of the downloaded file URL file path This
TSPY_DYRE.LMA It connects to the following URL to report infection of the affected system: http://{BLOCKED}2.{BLOCKED}3.35.133:{random port}/1401_11/{computer name of affected system}/0/{OS version}-{service pack
=regsvr.exe Shell=Open NOTES: This worm searches for folders in all removable drives then drops copies of itself inside the folder as {folder name} .exe. It also connects to the following URL to download files:
connects to the following website to send and receive information: http://{BLOCKED}ofnigeria.net:443 However, as of this writing, the said sites are inaccessible. NOTES: This Trojan connects to the URL above
= "{random values}" HKEY_CURRENT_USER\Software\Context2pro\ contextprod\AdServer BrowserDetectMode = "URL" HKEY_CURRENT_USER\Software\Context2pro\ contextprod\AdServer UrlOperationMode = "Include
Not yet implemented DOWNLOAD - Download file from C&C server DOWNLOAD_URL - Download file from specific URL UPLOAD - Upload file to C&C server RUN - Perform remote shell RUN_ASYNC - Perform remote shell
spyware s configuration file contains the following information: URLs where it downloads an updated copy of itself URL where it sends its gathered information It gathers the following data: Bot ID Data on
spyware s configuration file contains the following information: URLs where it downloads an updated copy of itself URL where it sends its gathered information It gathers the following data: Bot ID Data on
bank information, such as user names, passwords, or card codes. The stolen information could then be sent to a predetermined email address, to drop zones in hosted servers or to a URL via HTTP post. The
Trojan connects to the following website to send and receive information: http://{BLOCKED}npride.net:443 NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It
command to ping the specified URL with a specific buffer size: ping -n 4294967265 -l 65500 {BLOCKED}.{BLOCKED}.204.222:80 It displays the following ransom note after restarting the system: This ransomware