Search
Keyword: os2first
AMBLER variants were first seen in the wild in 2009. It is a family of Trojans, spyware, and worms that are designed to steal sensitive information from users. Some of the information it steals are
CARBERP is a Trojan family first seen in 2009. This banking Trojan is designed to steal user credentials through hooking network APIs in WININET.DLL , monitoingr user browsing activities. It has the
CARBERP is a Trojan family first seen in 2009. This banking Trojan is designed to steal user credentials through hooking network APIs in WININET.DLL , monitoingr user browsing activities. It has the
CARBERP is a Trojan family first seen in 2009. This banking Trojan is designed to steal user credentials through hooking network APIs in WININET.DLL , monitoingr user browsing activities. It has the
AMBLER variants were first seen in the wild in 2009. It is a family of Trojans, spyware, and worms that are designed to steal sensitive information from users. Some of the information it steals are
files use random file names, names of the existing folders, and hardcoded file names. This enables the copy of the worm to execute first before opening the real folder. It then changes the attributes of
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
.tif .txt .wav .wma .wmv .xls This routine enables the copy of the worm to execute first before opening the real folder or file. It then changes the attributes of the original folders and files to Hidden
.png .tif .txt .wav .wma .wmv .xls This routine enables the copy of the worm to execute first before opening the real folder or file. It then changes the attributes of the original folders and files to
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
http://ow.ly is a legit website used to shorten URLs. This trojan does this to avoid blacklisting of the malicious URL. The file it downloads is encrypted. The downloaded file is decrypted first before
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
routines: -a (for encryption) -s (for dropping its copy) It encrypts most of the files in the affected system. It checks the following directories first before encrypting other files: %Program Files%
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ SrvID\ID It adds the following registry entries: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ INSTALL\DATE 98UJ1H0LYI = "{date of first execution}
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
tif txt wav wma wmv xls This routine enables the copy of the worm to execute first before opening the real folder or file. It then changes the attributes of the original folders and files to Hidden and
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
writing, the said sites are inaccessible. NOTES: First it attempts to save it downloaded file in %System% but if it fails, it will save its downloaded file in %User Temp%. Downloaded from the Internet,
\ .exe¡¡ {Default} = "exefile" HKEY_CURRENT_USER\Software\LoveQ first = "closeQQ" Information Theft This worm steals the following information: User log-in credentials for IM QQ Stolen Information This