Search
Keyword: URL
almost 80 thousand samples that were related from the October 31 spam surge, but this time the URL format was changed. The new attack used subject lines such as fake employee document , outdated invoice ,
This malicious .DOC file has two embedded .SWF files that it loads to exploit CVE-2011-0611. Once successfully exploited, this malware connects to a specific URL to download another possibly
scanned, the user is redirected to a URL where the malicious file can be downloaded. It attempts to sends several SMS messages to a certain premium rate number. An icon named 'JimmRussia' also appears in the
This Trojan takes advantage of certain software vulnerabilities to download possibly malicious files. This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware
Upon execution, it displays a GUI indicating the installation of a rogue antivirus called Internet Protection. While doing so, it downloads its component file from the a certain URL via HTTP GET. If
Upon execution, it displays a GUI indicating the installation of a rogue antivirus called Internet Protection. While doing so, it downloads its component file from the a certain URL via HTTP GET. If
user's contacts. The said links point to a remote URL where a copy of the worm may be downloaded. Propagation This Trojan takes advantage of the following software vulnerabilities to propagate across
dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. NOTES: This Trojan connects to the URL http://{BLOCKED}-design.fi/KJHDhbje71 to download and execute a
Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed
from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: url TrojanDownloader:Java/Toniper (Microsoft);
using the following names: %User Temp%\iiOdzFcOS0x7HZC.exe - when url is accessible %User Temp%\iiOdzFcOS0x7HZC - when the url is inaccessible (Note: %User Temp% is the user's temporary folder, where it
CVE-2016-1016 It connects to the website(s) to download and execute a malicious file.
The URL depends on the parameter passed on to it by its components. The URL where this malware downloads the said file depends
CVE-2009-0950 Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: The sample connects to a URL to download malware.
This URL is included in the configuration file of WORM_ZBOT.GJ. This worm attempts to steal sensitive online banking information, such as user names and passwords. WORM_ZBOT.GJ is notable for its
This URL is included in the configuration file of WORM_ZBOT.GJ. This worm attempts to steal sensitive online banking information, such as user names and passwords. WORM_ZBOT.GJ is notable for its
BKDR_SIMBOT.EVL connects to this URL to send and receive information. BKDR_SIMBOT.EVL is also capable of downloading and executing other malware leaving infected systems susceptible to other, more
BKDR_SIMBOT.EVL connects to this URL to send and receive information. BKDR_SIMBOT.EVL is also capable of downloading and executing other malware leaving infected systems susceptible to other, more
screen saver from http://%7bBLOCKED%7dgle.0catch.com/love.scr and get new tips and tricks from URL happy valentine day screen saver and beautiful screen saver from lovers http://%7bBLOCKED
Other Details This Trojan deletes the initially executed copy of itself NOTES: It connects to the following URL to get its configuration file that is loaded in memory: http://{BLOCKED}.{BLOCKED