Search
Keyword: URL
to click on a link to see her photos. When clicked, the links redirects the user to the URL http:{BLOCKED}.infored.mx , a dating site blocked by Trend Micro. Trend Micro now detects and blocks this
This URL leads to a phishing site designed to replicate the legitimate RuneScape website, which is a popular massive multi-player online (MMO) gaming site. Upon accessing the phishing site users are
the .PDF file shows a URL to fake NACHA sites, which are now classified under 'Disease Vector' due to possible malware download.
email to avoid the AOL account suspension This URL leads to a phishing website. This phishing site is currently blocked.
was Adultfinder an online community that offers free adult dating. Clicking the image redirects users to a website where a possibly executable file will automatically be downloaded. The malicious URL is
is a Java class file that is used to execute an exploit code. Once successful, it may download and execute a possibly malicious file from a certain URL. The URL where this malware downloads the said
component bundled with malware/grayware packages. It may be hosted on a website and run when a user accesses the said website. NOTES: This Trojan connects to a possibly malicious URL. The URL where this
is a Java class file that is used to execute an exploit code. Once successful, it may download and execute a possibly malicious file from a certain URL. The URL where this malware downloads the said
bundled with malware/grayware packages. It executes when a user accesses certain websites where it is hosted. NOTES: This malware downloads from a URL specified in the parameter aaa . It then saves the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. NOTES: It contains a functions that attempts to connect to a certain URL to download a possibly
file from the URL specified in the parameter riversizer and saves it as %User Temp%\yr{random number}.exe . It then executes the downloaded file. (Note: %User Temp% is the current user's Temp folder,
file. The URL where it downloads the file which may be base64 encoded is usually indicated in the HTML param tag. Downloads files
JS_SHELLCOD.JON Once this URL is accessed, it connects to the following site: http://rchfs.com/10/nuspc.php. It then redirect the user to http://www.google.com to hide its execution. It also downloads the following
download files. It requires a URL parameter where to connect to and download file from, and a file name parameter where to save the downloaded file. Trojan-Downloader.Java.Agent.ja (Kaspersky) Downloads
hosted on a website and run when a user accesses the said website. Download Routine This Trojan downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file
malware/grayware or malicious users. Other Details This Trojan does the following: Displays the following: Employs social engineering tactic to trick the victims to manually access the following malicious URL either
}nd-kraemer.de/cijweh78fDFA It does the following: It executes the downloaded code from the URL using powershell. However, as of this writing, the said sites are inaccessible. Exploit:O97M/DDEDownloader.C (Microsoft);
does the following: It executes the downloaded code from the URL using powershell. However, as of this writing, the said sites are inaccessible. Exploit:O97M/DDEDownloader.C (Microsoft);
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other Details This Trojan does the following: Connects to the following possibly malicious URL
}al.de/cijweh78fDFA It does the following: It executes the downloaded code from the URL using powershell. However, as of this writing, the said sites are inaccessible. W97M.Downloader.M (Norton);