Search
Keyword: JS_XORBAT.A
This Trojan may be hosted on a website and run when a user accesses the said website. This is the Trend Micro detection for files that contain malicious IFRAME tags. However, as of this writing, the
A new wave of spam that uses *.rar *.zip *.gif *.tiff *.docx *.pdf *.jpg is making its rounds. The attachment looks like it is renamed to lure recipients into clicking the attachment files. These
We have observed a recent spike in spam in Russian language. The spammed message delivers a SHADE ransomware variant via embedded link in the attached .PDF. Upon investigation, this campaign used
This malicious website is used in a Facebook clickjacking attack. The page hosts a spoofed YouTube page in Italian. Users who click the play button will inadvertently take part in the spamming
This Trojan does the following: files into a folder in %System% directory. It executes EAIY.EXE then terminates itself. Logs keystrokes, sites accessed, chat logs and screenshot, in turn compromising
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware: JS_GUMBLAR If your Trend Micro product detects a file
This backdoor may be dropped by other malware. It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive
executes the dropped component file. The dropped component file downloads a file from a URL specified in the encrypted parameter,. p . The downloaded file is saved as %User Temp%\{random number}.exe , and is
This Trojan may be dropped by other malware. It executes then deletes itself afterward. It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the
This Trojan executes when a user accesses certain websites where it is hosted. It exports functions used by other malware. It requires its main component to successfully perform its intended routine.
This Trojan has received attention from independent media sources and/or other security firms. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown
This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be dropped by other malware. It may be unknowingly downloaded by a user while visiting malicious websites. As
This is the Trend Micro detection for specially crafted .LNK files that are used to execute dropped copies of JS_MORPHE malware once this shortcut is accessed. As a result, the routines of the main
JS_OBFUSC.BEB loads a JAR file from this URL and it passes parameters to it if the computer has a particular Java version installed. This malware is related to a spammed message that leverages the
This spyware may be dropped by other malware. It logs a user's keystrokes to steal information. Arrival Details This spyware may be dropped by other malware. It may be downloaded from the following
downloaded by a user while visiting the following malicious websites: http://{BLOCKED}2.{BLOCKED}0.164.204/email/wu.exe http://{BLOCKED}utvisuals.com/clients/canada.exe Installation This spyware adds the
This Trojan may arrive bundled with malware packages as a malware component. Arrival Details This Trojan may arrive bundled with malware packages as a malware component. NOTES: This Trojan executes
following website(s) to download and execute a malicious file: http://{BLOCKED}z.cc/a/l.php?x=4004 NOTES: As of writing, however, the above-mentioned site redirects to http://{BLOCKED}portal.information.com/
This Trojan may be dropped by other malware. It connects to a website to send and receive information. Arrival Details This Trojan may be dropped by the following malware: BREX_EUPUDS.GHR It may be
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It executes the downloaded files. As a result, malicious routines of the downloaded files