Keyword: URL
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
cybercriminals behind this attack not only used a convincing interface for the fake Adobe installer, they also utilized a URL that strongly suggested that it is an Adobe-related site. How do affected users remove
will be monitored by the malware. It also contains the drop zone and the URL where a backup configuration file can be downloaded. Information Theft It monitors the browser activities of the affected
connects to a URL to send and receive information. This worm may be downloaded by other malware/grayware/spyware from remote sites. It may be unknowingly downloaded by a user while visiting malicious
network for machines using VNC Send links via MSN Messenger Spread via USB TCP flooding UDP flooding Update itself Visit a URL It propagates through the following P2P applications: Ares BearShare DC++ Emule
malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Information Theft This backdoor gathers the following data: OS
file setm.ini. This configuration file contains the following: Sleep time of the malware URL it connects to File names of the component files Bot ID It connects to the following remote site to download
from a remote malicious user: MSN spreader P2P Spreader DDOS (TCP/UDP Flooding) Retrieve Stored Browser Passwords Update / Remove self Download and execute arbitrary files USB Spreader Visit a URL /
Manager [CLASS:ConsoleWindowClass] Download Routine This worm accesses the following websites to download files: http://www.avira.com - non-malicious URL It saves the files it downloads using the following
configuration file contains a URL where the malware can download other files, an update of itself, file name to use, and malware version. If an update of itself is available, it renames itself to old_dd800s.exe,
of Google search function, wherein it returns a link that contains the malicious URL and file when a user keys in Tsunami hitting Hawaii. To get a one-glance comprehensive view of the behavior of this
the rogue product, users are directed to a certain website asking for sensitive information, such as credit card numbers. When users agree to buy the software, it connects to the following URL to
overwrites with the encrypted binary from URL (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server
uses the following URL Query strings to send data via HTTP POST: sendlog.php name="logfile" file name="User Temp%\system.log" recvdata.php rawdata={data} tmpdata={data} procdata={data} Downloaded from
) NOTES: It connects to the following URL to send and receive information: ssl.{BLOCKED}ed-clouder.com dns.{BLOCKED}ed-clouder.com Collects system information, Steals information
Temp%\tep-D366.txt - overwrites with the encrypted binary from URL (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on
Backdoor Routine This Worm executes the following commands from a remote malicious user: Sleep Exit the malware Install miner Start miner Close miner Execute in cmd Update Receive a url Download a file