Search
Keyword: URL
BKDR_GATAKA.A connects to this URL to send and receive commands from a remote malicious user. However, as of this writing, the said sites are inaccessible.
BKDR_GATAKA.A connects to this URL to send and receive commands from a remote malicious user. However, as of this writing, the said sites are inaccessible.
This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. This Trojan arrives
This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. This Trojan arrives
This Trojan access a certain URL to download possibly malicious files. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. This Trojan arrives
}ophilupop.com/s NOTES: The URL mentioned above may redirect to other malicious URLs such as the following: http://{BLOCKED}l31inesst.rr.nu/n.php?h=1&s=sl http://{BLOCKED}61ngunde.rr.nu/n.php?h=1&s=sl http://
following URL to load a malicious web page: {web address where it is hosted}/main.html - detected as VBS_OLEAR.C It connects to the following URLs to play possibly malicious Adobe Flash files: {web address
?n=1774256418&fid=4#n=1252899642&fid=1&fav=1 . It then shows them the following to trick users into providing their email address. After, it redirects to the URL https://www.{BLOCKED
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. NOTES: This is a malicious Java archive
malicious files: CVE-2012-0507 It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. NOTES:
malicious files: CVE-2012-0507 It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. NOTES:
the following URLs: http://www.{BLOCKED}vity.com/?dn={Document domain}&pid=9POL6F2H4 Document.domain function will retrieve the domain where it is hosted and embed it in the URL where it connects to.
\Software\Microsoft ld_done1 = {dword value} NOTES: It connects to the following malicious URL to send encrypted system information and to download other files: {random}.pohuy.ws The system information sent
Other Details Based on analysis of the codes, it has the following capabilities: It may connect to the following URL related to pornography: http://www.{BLOCKED}ov.com
{hash} http://{BLOCKED}heck.com/{uri}/{hash} Its configuration file contains the following information: Search URL (referrer url) e.g http://{BLOCKED}nameall.com Update URL (new C&C) e.g http://{BLOCKED
This is the malicious URL related to the detection TROJ_ZBOT.BXI. It is where the malware may be downloaded. This is also where it downloads its configuration file.
TROJ_DNSCHANG.YI connects to this malicious URL to download possibly malicious files onto the computer, which puts the computer at a greater risk of infection by other threats. .
Shortened URL that points to the site� http://{BLOCKED}count.info/end.php . This is related to the malware JS_FBOOK.VTG and the fake Osama bin Laden video attack in Facebook .
Shortened URL that points to the site� http://{BLOCKED}count.info/end.php . This is related to the malware JS_FBOOK.VTG and the fake Osama bin Laden video attack in Facebook .