Search
Keyword: yahoo
worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Yahoo Messengger = "%System%
Twitter Uploaded Uploading.com Vip-file Vkontakte Webnames Whatcd Yahoo YouPorn YouTube It may also prevent the user from using the following applications: cmd.exe ipconfig.exe regedit.exe regsvr32.exe
Runescape SendSpace Sms4file SpeedyShare Steam The Pirate Bay TorrentLeech Twitter Uploaded Uploading.com Vip-file Vkontakte Webnames Whatcd Yahoo YouPorn YouTube It has the following backdoor capabilities:
Online Partner Card Services Paypal Regions Sparda Net Banking Sun Trust U.S. Bank U.S. Bank Internet Banking USAA Wells Fargo Yahoo Stolen Information This spyware sends the gathered information via HTTP
copies of itself via IM applications: Yahoo Messenger Skype However, as of this writing, the said sites are inaccessible. It deletes the initially executed copy of itself NOTES: It terminates itself if the
Messenger (ATT&CK T1102) 1002462* - MSN Messenger File Transfers (ATT&CK T1102) 1004941* - QQ Messenger (ATT&CK T1102) 1003243* - Yahoo Instant Message URL Blocker (ATT&CK T1102) 1002163* - Yahoo! Messenger
ftp.drivehq.com NOTES: It monitors the following browser and instant messaging client: Internet Explorer Yahoo Messenger It steals from the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
tribalfusion.com truveo.com twimg.com virtualearth.net wazizu.com webcrawler.com worthathousandwords.com yahoo yieldmanager.com yimg.com ytimg.com It modifies the Master Boot Record (MBR) of the affected system to
OfficeBanking PayPal Runescape Sendspace Sms4file Speedyshare Steam Thepiratebay Torrentleech Twitter Vip-file vkontakte Webnames Whatcd Yahoo YouPorn YouTube It blocks access to websites with the following
2003.) Autostart Technique This worm adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Yahoo
to check for the following analysis tools: File Monitor Process Monitor Registry Monitor It monitors the following browser and instant messaging client: Internet Explorer Yahoo Messenger It steals from
Instant Messenger Information (Gtalk, Pidgin, Skype, Yahoo Messenger): Username Password Stolen Information This spyware saves the stolen information in the following file: %Application Data%
Netflix Netload OfficeBanking Passwd PayPal Runescape Sendspace Sms4file Speedyshare Steam Thepiratebay Torrentleech Twitter Uploaded Uploading.com Vip-file Vkontakte Webnames Whatcd Yahoo YouPorn YouTube
automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Yahoo Messengger = "%System%\gphone.exe" It modifies the following registry entries to ensure it
Thepiratebay Torrentleech Twitter Uploaded Uploading Vip-file Vkontakte Webnames Whatcd Yahoo YouPorn YouTube It monitors the following browsers: Flock Google Chrome Internet Explorer Mozilla Firefox Opera It
Namecheap Netflix Netload OfficeBanking PayPal Runescape Sendspace Sms4file Speedyshare Steam Thepiratebay Torrentleech Twitter Uploaded Uploading Vip-file Vkontakte Webnames Whatcd Yahoo YouPorn YouTube It
following websites: OfficeBanking Megaupload FileServe Twitter AlertPay Moneybookers LogMeIn Runescape DynDNS Steam Hackforums Facebook Yahoo Gmail Fastmail BigString AOL YouTube PayPal Other Details This
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Yahoo Messengger = "%System%\system32_.exe" It modifies the following registry entries to ensure it automatic execution at every system startup:
=Search... shell\search\command={malware path and filename} useautoplay=1 It sends copies of itself to target recipients using the following instant-messaging (IM) applications: Skype AIM ICQ Yahoo Messenger
Passwords Proxies Instant Messenger Information (Gtalk, Pidgin, Skype, Yahoo Messenger): Username Password Stolen Information This spyware saves the stolen information in the following file: %Application Data