Keyword: Possible_OLGM-23
System administrators are known to use similar tools, if not the same programs, to test security and identify possible avenues of intrusion.
user accesses the said website. NOTES: This is the Trend Micro detection for Java files used as a component of another malware. This malware is used to download files. It contains a URL where a possible
Therefore, regedit.exe loads the malicious clb.dll into the system. It listens to port 3389/TCP, the port for RDP, for possible enabled Remote Desktop. This worm searches for Remote Desktop Servers, and tries
{BLOCKED}.237.10/Home/index.php to download a possible malicious script. As a result, routines of the downloaded script are also exhibited on the affected system. However, as of this writing, the said URL is
{BLOCKED}.237.10/Home/index.php to download possible malicious script. As a result, routines of the downloaded script are also exhibited on the affected system. However, as of this writing, the said URL is
HTML script launches a hidden IFRAME that connects to a malicious URL. NOTES: Once an unsuspecting user visits an affected Web page, this HTML iFrame connects to the following URLs to download a possible
insertion of a certain IFRAME tag. NOTES: Once an unsuspecting user visits an affected Web page, this HTML iframe connects to the following URLs to download possible malicious scripts. http://www.{BLOCKED
This Trojan deletes the initially executed copy of itself. NOTES: Upon execution, this Trojan displays the following messages notifying the user of a possible infection: It displays the following window
=2001&ro=0&uq=1&ref=unknown&_=1348478185739 download possible malicious scripts. However, as of this writing, the said site is inaccessible.
regedit.exe that the dropped file is the component that it needs. Therefore, regedit.exe loads the malicious clb.dll into the system. It listens to port 3389/TCP, the port for RDP, for possible enabled Remote
(Symantec); Trojan-Spy.Win32.Gauss (Kaspersky) GAUSS Attack Continues Streak of Possible State-Sponsored Attacks Downloaded from the Internet, Dropped by other malware Connects to URLs/IPs, Drops files
user accesses the said website. NOTES: This is the Trend Micro detection for Java files used as a component of another malware. It is used to download files. A URL where a possible malicious file is
attempts to access the following possible malicious websites: http://www.{BLOCKED}34xing.w239.dns911.cn/kills.txt?t3=125424 http://www.{BLOCKED}sp.web194.dns911.cn/kills.txt?t4=125429 http://www.{BLOCKED
Later investigations revealed that this malware family attempts to affect as many computers as possible to create a zombie network that can be used to send spam. Installation This worm drops the following
This Trojan is related to a possible targeted attack. To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. It uses legitimate program files
}/kys_allow_get.asp?name=getkys.jpg&hostname={hostname}-{IP Address} to download a possible configuration file that contains its intended routines. It also sends back information such as host name and IP address to the
to connect to the remote C&C server and sends packets depending on the argument received and waits for possible connection. It is capable of receiving arbitrary commands from a remote attacker that may
now 2) one packed file (no more than 1 megabyte) In response comes the original file and the instruction for money transfer (The original file is proof that it is possible to return all files to their
list of possible user names: admin Admin administrator Administrator bbsd-client blank cmaker d-link D-Link guest hsa netrangr root supervisor user webadmin wlse It uses the following list of passwords:
This worm arrives via removable drives. It arrives by accessing affected shared networks. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when