Search
Keyword: URL
malicious URL http://www.{BLOCKED}aspellingbee.com/document/slp_doro.php . Mal/Phish-A (Sophos)
long url parameter in the Redirect method. RSA Security RSA Authentication Agent for Web 5.2,RSA Security RSA Authentication Agent for Web 5.3 Trend Micro Deep Security shields networks through Deep
CVE-2006-5544 Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing
via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." microsoft ie 5.01,microsoft ie
following: It connects to the following URL to download its component which it will load in its memory and perform its malicious routine: {BLOCKED}.{BLOCKED}.150.23:80 However, as of this writing, the said
following processes: mshta https://{BLOCKED}.mp/wuioqhwkuqghsmgjhsgaa Other Details This Trojan does the following: It connects to the following URL to execute remote code: https://{BLOCKED
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: Connects to the following URL to retrieve the
following: It connects to the following URL to load a malicious template file: http://{BLOCKED}.{BLOCKED}.{BLOCKED}.18/_errorpages/obizx.doc However, as of this writing, the said sites are inaccessible.
possibly malicious URL when opened in a web browser: https://{BLOCKED}g.com/th/id/OIP.jQmZhreeKN9dMEBKw2-tcQAAAA?w=140&h=150&c=7&r=0&o=5&dpr=2&pid=1.0 HTML:Phishing-CTH [Phish] (AVAST) Downloaded from the
usernames obtained from the following URL: http://{BLOCKED}e.puzopuzo.biz/cmd.php When this URL is accessed by the backdoor, its C&C server sends back a command, which contains another URL where a text file
\ Internet Explorer\SearchScopes\{402128F8-5DD7-4039-B4BE-80E4366186AF} DisplayName = "????" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{402128F8-5DD7-4039-B4BE-80E4366186AF} URL =
from a remote malicious user: Sleep/Idle (2 minutes) Download and execute arbitrary file Update and uninstall itself Visit URL It connects to the following websites to send and receive information:
loaded. It adds an iframe with the following URL to vulnerable browsers when a vulnerable PDF plugin is detected: http://{BLOCKED}.{BLOCKED
\YMSGR_buzz content url = "http://{BLOCKED}al-news.com" HKEY_CURRENT_USER\Software\Yahoo\ pager\View\YMSGR_Launchcast content url = "http://{BLOCKED}al-news.com" It modifies the following registry entries:
It opens the non-malicious URL http://www.irs.gov/pub/irs-pdf/f941.pdf to hide its malicious routines from the user. It registers the downloaded .DLL file as a Browser Helper Object (BHO) by
\Microsoft\ Internet Explorer\Main Use Custom Search URL = "1" = (Note: The default value data of the said registry entry is .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\Main Search Bar =
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This file contains a URL where it connects to possibly
rundll32 {DLL copy},Startup It accesses the following URL to download an updated copy of itself or another malware: {date-time}.{BLOCKED}zy.net/get2.php The downloaded file is saved as %Windows%\{random} .
applications to entice a user to click them. This file contains a URL where it connects to possibly download other files. It deletes itself after execution. Arrival Details This Trojan arrives on a system as a
GET request on a specified URL Process Create processes Kill processes List processes Run files Reg Delete registry entries Read registry entries Modify registry entries System Enumerate drives and get