Keyword: js_exploit
?yqAFwbPCLno=5257533130&ioidSagKPlS=x&wSaZlXDijTvPq=30 2g572f5352572i572f333357312h522j2h2g562f2j&wiZCFhFFDxy=2d2b2d2b2d2b2d It does not have rootkit capabilities. It does not exploit any vulnerability.
following URLs to possibly download other malicious files: http://d.{BLOCKED} Trend Micro detects the downloaded file as: TROJ_SASFIS.VR Other Details This Trojan is a zero-day exploit for the
However, as of this writing, the said sites are inaccessible. It inserts an IFRAME tag that redirects users to certain URLs. Backdoor Routine However, as of this writing, the said sites are
Micro detection for HTML files with an encrypted JavaScript in a <div> tag, and its decryptor. Samples of this malware are seen to exploit the following vulnerabilities: CVE-2010-3552 CVE-2010-4452
This malware is related to a mass compromise that leads to a series of redirections that ultimately point users to the Blackhole Exploit kit exploiting vulnerabilities cited in CVE-2010-0188 and
} However, as of this writing, the said sites are inaccessible. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. Downloaded from the Internet
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. This is the Trend Micro detection for Web pages that
firefox.exe iexplore.exe It imports rogue root certificates to browsers (Internet Explorer, Firefox). It does not have rootkit capabilities. It does not exploit any vulnerability.
} NOTES: This Trojan may arrive as a part of an exploit kit. Mal/ExpJS-BP(Sophos) Downloaded from the Internet Others
may be downloaded from the following remote sites: Compromised or malicious sites hosting RIG EK Exploit Kit Download Routine This Trojan saves the files it downloads using the following names: %User
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user slushpool stratum+ usxmrpool xmrpool yiimp zergpool zergpoolcoins zpool It is capable of propagating in the local network via the following means: SMB Exploit
does not exploit any vulnerability. Downloaded from the Internet
}{random}{random} --> However, as of this writing, the said sites are inaccessible. It does not exploit any
install browser extension: It may change the default search website to the following URL: http://{BLOCKED}{searchTerms}&crm=1&toolbar=GLS It does not exploit any
are inaccessible. Information Theft This Trojan does not have any information-stealing capability. Other Details This Trojan does not exploit any vulnerability. HEUR:Trojan-Downloader.Script.SLoad.gen
This Trojan may arrive bundled with malware packages as a malware component. It executes when a user accesses certain websites where it is hosted. It is a component of other malware. It requires its
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. Arrival Details This Trojan arrives as an attachment to email messages spammed by other
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said sites are inaccessible.