Search
Keyword: URL
files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said
TROJ64_INSTOL.USR passes the encrypted URL to this DLL component. This DLL component has only one export function named ExportFunc which is repeatedly executed. Dropped by other malware, Downloaded from the Internet,
\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware
HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main TabProcGrowth = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\URL SystemMgr = "Del" Other Details This Trojan connects to the following
file and modifies it so that it runs the malware on system startup The patched driver is detected by Trend Micro as PE_TDSS.A. Encrypts the data and passes the information as parameter to the server URL
{BLOCKED}l.net/img/pt.png http://{BLOCKED}l.net/img/fr.jpg It saves the files it downloads using the following names: %System Root%\jamesdat.exe - detected as TROJ_AGENT.AUCU %System%\igfxtrai.exe - URL
URL in which an updated copy or another malware can be downloaded. It saves this information to the following registry entry: HKEY_CLASSES_ROOT\idid url{number} = "{hex data}"
downloads a file from a certain URL then renames it before storing it in the affected system. Installation This worm drops the following copies of itself into the affected system: %system%\36D0F1\2ADE6B.EXE
generates a psuedorandom string to be used for the domain name of the URL it connects to. It does not have rootkit capabilities. It does not exploit any vulnerability. Trojan:JS/BlacoleRef.W (Microsoft),
Environment component to connect to a website and download possibly malicious files. The URL where this Trojan connects depends on the parameter passed on to it by its components. It does not have a rootkit
Bulletin APSB08-13 Adobe Security Bulletin APSB08-19 Adobe Security Bulletin APSB09-04 Adobe Security Advisory APSA09-07 NOTES: If the URL is still accessible, it downloads a file and executes the following
This backdoor connects to a certain URL to send and receive commands from a remote malicious user. It is capable of executing the certain backdoor commands. It also performs a HTTP POST request.
This Trojan connects to a malicious URL through via 443 to send information such as computer name, user name, IP address, and subnet mask among others. However, as of this writing, the said site is
executes the following commands from a remote malicious user: Download Files Remove Itself Send message to the affected system Get Operating System Information Execute Files Open a specific URL with Internet
connects to the following possibly malicious URL: {BLOCKED}.{BLOCKED}.185.211 NOTES: It may connect to the non-malicious URL http://www.msn.com/ . This Trojan connects to seemingly non-malicious URLs that
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: calf manu Other Details This Trojan requires its main
URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. Information Theft This Trojan does not have any information-stealing capability. Other
to the following non-malicious URL to download updates: update.gamma-international.de:6666 It may display the following interface: Constructor.Win32.Fisy.b (Kaspersky) Dropped by other malware,
browser helper objects (BHOs). BHOs are commonly used by adware. With this, users may experience unwanted pop-up advertisements and URL redirections. This backdoor executes commands from a remote malicious
}\AppData\Roaming on Windows Vista and 7.) NOTES: It connects to the URL to report status and to receive data. It is capable of brute forcing Windows logon users via a list of passwords from the