Search
Keyword: JS_EXPLOIT
Micro detection for HTML files with an encrypted JavaScript in a <div> tag, and its decryptor. Samples of this malware are seen to exploit the following vulnerabilities: CVE-2010-3552 CVE-2010-4452
}iknepjet.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c However, as of this writing, the said sites are inaccessible. NOTES: It does not have rootkit capabilities. It does not exploit any vulnerability. Downloaded from the Internet
?yqAFwbPCLno=5257533130&ioidSagKPlS=x&wSaZlXDijTvPq=30 2g572f5352572i572f333357312h522j2h2g562f2j&wiZCFhFFDxy=2d2b2d2b2d2b2d It does not have rootkit capabilities. It does not exploit any vulnerability.
following URLs to possibly download other malicious files: http://d.{BLOCKED}inrt.us/s.exe Trend Micro detects the dowloaded file as: TROJ_SASFIS.VR Other Details This Trojan is a zero-day exploit for the
However, as of this writing, the said sites are inaccessible. It inserts an IFRAME tag that redirects users to certain URLs. Backdoor Routine However, as of this writing, the said sites are
}epcteete.biz/3857076415/1384748340.jar NOTES: This Trojan may arrive as a part of an exploit kit. Mal/ExpJS-BP(Sophos) Downloaded from the Internet Others
firefox.exe iexplore.exe It imports rogue root certificates to browsers (Internet Explorer, Firefox). It does not have rootkit capabilities. It does not exploit any vulnerability.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user
may be downloaded from the following remote sites: Compromised or malicious sites hosting RIG EK Exploit Kit Download Routine This Trojan saves the files it downloads using the following names: %User
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
does not exploit any vulnerability. Downloaded from the Internet
ratchetmining.com slushpool stratum+ suprnova.cc teracycle.net usxmrpool viaxmr.com xmrpool yiimp zergpool zergpoolcoins zpool It is capable of propagating in the local network via the following means: SMB Exploit
}africadesigns.com/fida/wp-admin/css/colors/blue/blue.php?id={random} https://mambo-africadesigns.com/fida/wp-admin/css/colors/blue/blue.php?id={random} --> However, as of this writing, the said sites are inaccessible. It does not exploit any
install browser extension: It may change the default search website to the following URL: http://{BLOCKED}k.com/toolbarv/askRedirect.jsp?gct=&gc=1&q={searchTerms}&crm=1&toolbar=GLS It does not exploit any
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said sites are inaccessible.
This Trojan may be downloaded by other malware/grayware from remote sites. It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the downloaded files. As a result, malicious
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the downloaded files. As a result, malicious
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan may arrive bundled with malware packages as a malware component. It executes when a user accesses certain websites where it is hosted. It is a component of other malware. It requires its