Search
Keyword: JS_PADODOR
This worm arrives via removable drives. It may be downloaded by other malware/grayware/spyware from remote sites. It modifies registry entries to hide files with System and Read-only attributes. It
This description is based is a compiled analysis of several variants of TROJ_HILOTI. Note that specific data such as file names and registry values may vary for each variant. This Trojan arrives on a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user
This Trojan arrives as an attachment to spammed email claiming to be from a security researcher. It drops a malicious JavaScript that drops a backdoor. To get a one-glance comprehensive view of the
This backdoor may be dropped by other malware. It executes commands from a remote malicious user, effectively compromising the affected system. Arrival Details This backdoor may be dropped by the
This Trojan may be hosted on a website and run when a user accesses the said website. It redirects browsers to certain sites. Arrival Details This Trojan may be hosted on a website and run when a
This malware exploits the vulnerability in Microsoft XML Core Services, which prompted Microsoft to release a fix tool. To get a one-glance comprehensive view of the behavior of this Trojan, refer to
This Trojan may be hosted on a website and run when a user accesses the said website. Arrival Details This Trojan may be hosted on a website and run when a user accesses the said website. NOTES: Once
This Trojan connects to a certain URL using the Internet browser to display an animation. It does this to hide its malicious routine. It sets a URL as the automatic configuration script address of
This Trojan opens a certain registry key. It then queries the data under a specific value for the subkeys under a certain key. For the paths that it finds, it will append a certain line. It will then
This spyware may be dropped by other malware. It executes then deletes itself afterward. It connects to certain websites to send and receive information. Arrival Details This spyware may be dropped
This Trojan may be hosted on a website and run when a user accesses the said website. It takes advantage of software vulnerabilities to allow a remote user or malware/grayware to download files.
This is the Trend Micro detection for files that exhibit certain behaviors. This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be hosted on a website and run
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan may be hosted on a website and run when a user accesses the said website. It inserts an IFRAME tag that redirects users to certain URLs. However, as of this writing, the said sites are
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It executes when a user accesses certain websites where it is hosted. It may be hosted on a website and run when
This Trojan may be hosted on a website and run when a user accesses the said website. Arrival Details This Trojan may be hosted on a website and run when a user accesses the said website. NOTES: Once
This is the Trend Micro detection for specially crafted .LNK files that are used to execute dropped copies of JS_MORPHE malware once this shortcut is accessed. This Trojan may be dropped by other
This is the Trend Micro detection for .JOB files that execute files detected as JS_QAKBOT. These files are components of the WORM_QAKBOT malware family. NOTES: This is the Trend Micro detection for
This worm arrives by connecting affected removable drives to a system. It may be downloaded by other malware/grayware from remote sites. It is injected into all running processes to remain memory