Search
Keyword: URL
\software\macromedia\flashplayeractivex It uses the following URL as referrer to access the site where it generates its click-fraud: http://{BLOCKED}litter.com/ It uses the advertisements from the following
to check for an Internet connection: google.pl It does the following: It connects to the URL "http://bit.ly/2razNDz" which will then be redirected to "http://www.wikihow.com/Send-Bitcoins" It tries to
x11 -> X11 x13 -> X13 x14 -> X14 x15 -> X15 zr5 -> ZR5 -o, --url=URL -> URL of mining server -O, --userpass=U:P -> username:password pair for mining server -u, --user=USERNAME ->
contains a URL where it connects to possibly download other files. Arrival Details This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when
objautlink and URL Monikers TippingPoint 27841: HTTP: RTF File Implementing objautlink and URL Monikers Smart Home Network Security 1133594 FILE Microsoft Outlook Remote Code Execution Vulnerability
Coinminer requires the following additional components to properly run: {Coinminer Directory}\config.json It does the following: It accepts the following Parameters: -o, --url=URL URL of mining server -a,
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to
however, led them to download a bogus Adobe Flash Player update (detected by Trend Micro as TROJ_DLOAD.QK ). This connects to a URL to download TROJ_INJECT.ZZ, which dropped TROJ_ROOTKIT.FX. Normal 0 false
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Distribublr Backdoor Routine This worm executes the following commands from a remote malicious user: Access URL using Internet Explorer Download and execute
(DOWNLOAD) - Downloads and execute arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods
Downloads and execute arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) - Terminate
\Software\Microsoft\Windows\CurrentVersion senha = "{stolen password}" It then send passwords for the said sites to the following URL via HTTP post: http://{BLOCKED}nerditerr.{BLOCKED}1.f1.k8.com.br/teste.php
www.google.com {BLOCKED}.{BLOCKED}.118.188 search.yahoo.com {BLOCKED}.{BLOCKED}.118.188 www.bing.com NOTES: It accesses the following URL to notify the malicious user of its installation: http://{BLOCKED}.{BLOCKED
an encrypted file. It connects to a certain URL to get a list of active peers. This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when
It connects to a URL to download its configuration file. It hooks certain APIs to perform its information stealing routine. This Trojan may be dropped by other malware. It may be unknowingly
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
=Recycled.scr shell\Auto\command=Recycled.scr Other Details This worm deletes the initially executed copy of itself NOTES: It injects itself into the created process svchost.exe. It connects to the following URL
Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.) NOTES: It reports system infection by sending IP address and infection time to the following URL via HTTP post: http://www.{BLOCKED
file from a certain URL then renames it before storing it in the affected system. It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected