Search
Keyword: HTML_SOHANAD
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Infection Points This spyware arrives as a file
This spyware attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites. Arrival Details This spyware may be downloaded from
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It may be injected into
This spyware may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. It creates folders where it drops its files. It modifies the Internet
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies registry entries to disable various system
This worm drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. It modifies the user's Internet Explorer home page into a
Messenger messages Insert iframe tags into HTML files Visit a Web page Create processes Block DNS Redirect domains Steal login credentials Log in to FTP sites It connects to the following URL(s) to send and
to the said servers to get encrypted data, which when decrypted, contains HTML inject codes and target URLs which are mostly bank-related websites: cgi-bin/options.cgi?user_id=3397599756&version_id
file. The URL where it downloads the file which may be base64 encoded is usually indicated in the HTML param tag. Downloads files
file. The URL where it downloads the file is usually indicated in the HTML param tag. Save the downloaded file in the current user's Temp folder
This JavaScript has received attention from independent media sources and/or other security firms. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. As of this writing, the said sites are inaccessible. This is the Trend Micro detection for
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. However, as of this writing, the said sites are inaccessible. It redirects browsers to
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be hosted on a website and run when a user accesses the said website. This is the Trend Micro detection
This is the Trend Micro detection for certain malicious JavaScript (JS) files embedded on HTML Web pages. When run, it connects to Twitter sites. These sites are used by the malicious script to
This is the Trend Micro detection for files that exhibit certain behaviors. NOTES: Other Details This is the Trend Micro detection for: script files that contains a malicious Javascript code. It does
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said sites are inaccessible.
This Trojan redirects browsers to certain sites. Other Details This Trojan redirects browsers to the following sites: http://{BLOCKED}us.com.mx/1.html
This Trojan may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. However, as of this writing, the said sites are inaccessible. It executes
Adware Routine This Trojan connects to the following URLs to download and display ads: http://www.{BLOCKED}r.net/?t=3&embedded=false http://www.{BLOCKED}you.com/exit/movies1.html?embedded=false