Search
Keyword: os2first
CVE-2010-1787 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of
CVE-2010-1749 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute
CVE-2010-1786 Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This backdoor connects to the following URL(s) to get the affected system's IP address: api.ipify.org It gathers the following information and reports it to its servers: OS Version IP Address Machine
following URL(s) to get the affected system's IP address: api.ipify.org It gathers the following information and reports it to its servers: OS Version IP Address Machine GUID The information are posted to the
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = "1" (Note: The default value data of the said registry entry is 2 .) Dropping Routine This Trojan drops the following files:
reports it to its servers: Local IP Mac Address Size of RAM Country OS Name OS Version If User is Admin Java Version NOTES: It disables the following programs and antivirus-related applications by adding
compromised through the insertion of a malicious macro. It gathers the following information and reports it to its servers: OS Version IP Address Machine GUID The information are posted to the server in the
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
%Application Data%\taskhealth\tabDll{XX} where {XX} can be 32 or 64 depending on the OS architecture. (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said
drives: {Removable Drive}:\RobCryptor.exe → Copy of itself Information Theft This Ransomware gathers the following data: IP Address Username If Machine is 64-bit Total RAM Available Memory OS Version Lists
can be any of the following depending on affected machine's OS Version: 2K XP VS W7 UNK It propagates via MSN as one of its backdoor commands using the following file name: google_cache113.tmp It seeds
file. \?\globalroot\{random}\mbr - this is the code written in the Master Boot Record and executes ldr16. \?\globalroot\{random}\ldr16 - component loaded by the malware during OS boot-up. This is
and executes ldr16. \\?\globalroot\{random}\ldr16 - component loaded by the malware during OS boot-up. This is resposible for executing ldr32 or ldr64 depending on the Operating System. \\?\globalroot\
modifies the following registry entries to hide files with Hidden attributes: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ Advanced Hidden = 2 (Note: The default value data of the