Search
Keyword: URL
Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components:
PE_VIRUX variants Other Details This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain malicious script. It does the following: Contains the following URL in
allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." microsoft
event. No URL appears to be present in the mail at first, but upon analysis we discovered that a URL is embedded in the actual image, which when accessed does lead to a website selling fake watches. Users
TSPY_KEYLOG.NTW It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. NOTES: This malware is hosted on the URL http://{BLOCKED
malicious .JAR file. This malicious Java class file accesses the data parameter in a certain HTML file that executes this file to get the URL where a binary can be downloaded. This Trojan may be dropped by
to a certain URL to report system infection and download possibly malicious files. This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It
2>&1 where $LDR can be any of the following: wget -q -O - curl It connects to the following URL to download a file: http://{BLOCKED}.{BLOCKED}.39.78/4.sh http://{BLOCKED}.{BLOCKED}.39.78/re.php http://
NOTES: This spyware connects to the following Google Drive URL to upload files: www.{BLOCKED}leapis.com/upload/drive/v2/files?alt={BLOCKED}n&uploadType=multipart Before if uploads, it connects to the
NOTES: It reports to the following URL if the dropped file is successfully executed: http://{BLOCKED}o.applibrary.org/readme.php?type=execution&result=created_and_executed It reports to the following URL
chain, recipients get a spearphishing URL which leads to several redirections, finally pointing to the URL where the exploit is hosted. Another malware, detected as TROJ_DROPPR.CXC then drops this SEDNIT
the URL of its configuration file: http://www.{BLOCKED}est.com/pin/66217056995285416/ As of this writing, no embedded URL is found in the website. It saves the downloaded configuration file as: %User
service. It may access the URL below: http://www.{BLOCKED}dio.com/query.php
origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information. Black_ice,
Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the parameter passed on to it by its components. PHP/Rst.CO!tr.bdr
sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability.
origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information. Black_ice,
Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. Apache Tomcat JK Web Server Connector 1.2.19,Apache Tomcat
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access
CVE-2007-5947 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar