Search
Keyword: HTML_SOHANAD
VUNDO is a family of Trojans, adware, and spyware first spotted in 2004. It usually arrives as a bundle of components, downloaded from malicious websites. VUNDO is multi-component, meaning it has
an unsuspecting user visits an affected web page, this HTML script launches a hidden IFRAME that connects to the following URL: http://{BLOCKED}aofghjtr.ru:8080/images/aublbzdni.php As a result,
Messenger messages Insert iframe tags into HTML files Visit a Web page Create processes Block DNS Redirect domains Steal login credentials Log in to FTP sites It connects to the following URL(s) to send and
Insert iframe tags into HTML files Visit a Web Site Block DNS Steal login credentials Log in to FTP sites Create processes Modify the following system files: ipconfig.exe verclsid.exe regedit.exe
Once users access any of the monitored sites, it starts logging keystrokes. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes downloaded files whose malicious routines
This malware searches for specific file types in all drives. Once the files are found, it encrypts these files and then renames them. This Trojan executes certain actions WITHIN the affected
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Infection Points This spyware arrives as a file
However, as of this writing, the said sites are inaccessible. Installation This Trojan creates the following folders: %Program Files%\Common Files\Plugins (Note: %Program Files% is the default
This spyware is injected into all running processes to remain memory resident. It attempts to steal information, such as user names and passwords, used when logging into certain banking or
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It executes the downloaded files. As a result, malicious routines of the
This Trojan may be downloaded by other malware/grayware from remote sites. Arrival Details This Trojan may be downloaded by the following malware/grayware from remote sites: HTML_SHELLLOAD.B It may
This Trojan attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This Trojan attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user's account information, which may then lead to the
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It takes advantage of software vulnerabilities in certain software to drop malicious
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It attempts to steal sensitive online banking information, such as user names and
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be downloaded from
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be unknowingly
This spyware arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It is injected into all running processes to remain memory resident. It attempts to steal