Search
Keyword: URL
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}ntravels.com/wp-content/uploads/2010/02/atlantis1-150x150.exe It saves the files it downloads
the file from the following URL and renames the file when stored in the affected system: https://{BLOCKED}ipegauction.ca/wp-content/uploads/2014/07/p2104us77.exe It saves the files it downloads using
files are exhibited on the affected system. Other Details This Trojan deletes itself after execution. NOTES: This Trojan accesses the URL {BLOCKED}.{BLOCKED}.35.133:33136/0912us21/{Computer Name}/0/{OS
Modification This spyware modifies the Internet Explorer Zone Settings. NOTES: This spyware accesses the URL https://www.pinterest.com/pin/{BLOCKED}5416/ to retrieve the server IP address of fake login pages. It
Firefox)/ Chrome Service Pack (for Google Chrome) to certain web browsers: 1.crx (for Google Chrome) 2.xpi (for Mozilla Firefox) It connect to the following URL to update its stat counter: http://whos.
downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads
the URL to report status and to receive data. It is capable of brute forcing Windows logon users via a list of passwords from the received data. Trojan:Win32/Tibrun.B (Microsoft), Trojan.Asprox.B
the Internet Explorer Zone Settings. NOTES: This Trojan may connect to the URL http://{BLOCKED}cription/gate.php to download the key used in encrypting the files. The .eml file where the malware may
}p.sst1.info/files/nb1/index.html?{random} {URLs found in the downloaded file, index.html} It connects to the following URL as a notification for successful download routine. http://{BLOCKED}p.{BLOCKED}t1.info/files/nb1/success.asp?
file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: fool twin Other Details This Trojan takes advantage of
information: List of strings it will monitor usually related to banking URL to send stolen information Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http:
request to the remote URL to download a file which it executes on the machine. It then sends the results of the executed file back to the remote server. Dropped by other malware Connects to URLs/IPs,
said sites are inaccessible. Other Details This Exploit does the following: It connects to the following URL to execute a malicious script: https://a.{BLOCKED}o.{BLOCKED}e/wxbdpx.hta The malicious script
Details This Trojan does the following: Executes a script from the URL http://{BLOCKED}u.com/3? - script that connects to the URLs mentioned above to download and execute a malicious file
contains textbox for username/email and password. Upon clicking the "Download File" button on the pop-up window, the malware will connect to this malicious URL to send the stolen information (username and
contains textbox for username/email and password. Upon clicking the "Download File" button on the pop-up window, the malware will connect to this malicious URL to send the stolen information (username and
OSX_WIRELURK.A) enables the malware to download an updated copy of itself from the server and save it as follows: /usr/local/machook/update/update.zip It connects to the following URL to retrieve a link of its
malware/grayware or malicious users. Installation This Trojan drops and executes the following files: %User Temp%\ooJHggggcgjc.vbs -> capable of connecting to a possibly malicious URL to download a file (Note: %User
the following URL to download and execute arbitrary malicious code: http://{BLOCKED}.{BLOCKED}.227.242/qa.ph However, as of this writing the said site is inaccessible. Terminates running svchost.exe
events Obtain promo offers and post them Comment on fanpage posts It connects to the following URL to generate click profits: http://{BLOCKED}s.{BLOCKED}g.us http://{BLOCKED}r.info/adlinks.php Here are