Search
Keyword: URL
to click on a link to see her photos. When clicked, the links redirects the user to the URL http:{BLOCKED}.infored.mx , a dating site blocked by Trend Micro. Trend Micro now detects and blocks this
This URL leads to a phishing site designed to replicate the legitimate RuneScape website, which is a popular massive multi-player online (MMO) gaming site. Upon accessing the phishing site users are
the .PDF file shows a URL to fake NACHA sites, which are now classified under 'Disease Vector' due to possible malware download.
email to avoid the AOL account suspension This URL leads to a phishing website. This phishing site is currently blocked.
was Adultfinder an online community that offers free adult dating. Clicking the image redirects users to a website where a possibly executable file will automatically be downloaded. The malicious URL is
component bundled with malware/grayware packages. It may be hosted on a website and run when a user accesses the said website. NOTES: This Trojan connects to a possibly malicious URL. The URL where this
is a Java class file that is used to execute an exploit code. Once successful, it may download and execute a possibly malicious file from a certain URL. The URL where this malware downloads the said
is a Java class file that is used to execute an exploit code. Once successful, it may download and execute a possibly malicious file from a certain URL. The URL where this malware downloads the said
bundled with malware/grayware packages. It executes when a user accesses certain websites where it is hosted. NOTES: This malware downloads from a URL specified in the parameter aaa . It then saves the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. NOTES: It contains a functions that attempts to connect to a certain URL to download a possibly
file from the URL specified in the parameter riversizer and saves it as %User Temp%\yr{random number}.exe . It then executes the downloaded file. (Note: %User Temp% is the current user's Temp folder,
JS_SHELLCOD.JON Once this URL is accessed, it connects to the following site: http://rchfs.com/10/nuspc.php. It then redirect the user to http://www.google.com to hide its execution. It also downloads the following
file. The URL where it downloads the file which may be base64 encoded is usually indicated in the HTML param tag. Downloads files
download files. It requires a URL parameter where to connect to and download file from, and a file name parameter where to save the downloaded file. Trojan-Downloader.Java.Agent.ja (Kaspersky) Downloads
hosted on a website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
malware/grayware or malicious users. Other Details This Trojan does the following: Displays the following: Employs social engineering tactic to trick the victims to manually access the following malicious URL either
Routine This Trojan saves the files it downloads using the following names: %TEMP%\{random numbers}.exe It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: Connects to the following possibly malicious URL
}al.de/cijweh78fDFA It does the following: It executes the downloaded code from the URL using powershell. However, as of this writing, the said sites are inaccessible. W97M.Downloader.M (Norton);
}nd-kraemer.de/cijweh78fDFA It does the following: It executes the downloaded code from the URL using powershell. However, as of this writing, the said sites are inaccessible. Exploit:O97M/DDEDownloader.C (Microsoft);