Search

 Different variants of fake Paypal notice emails were found in recent circulation. The contents of the email included the recipient’s name, PayPal ID, payment amounts, as well as the malicious link. The...

Spammed messages purporting to come from Paypal and American Express Bank are found in the wild. The spoofed Paypal notification claims that the recipient’s payment is alread...

This is a Trend Micro detection for a type of phishing email purportedly from PayPal.

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

This spyware executes when a user accesses certain websites where it is hosted.

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may...

Background of the AttackA new phishing attack that originated from Mexico takes advantage of the controversial news about an allegedly missing four-year-old girl, Paulette Gebara Farah, who was later found dead...

This worm arrives via removable drives.It is injected into all running processes to remain memory resident.It drops copies of itself into all the removable drives connected to an affected system. It drops copies of itself in removable drives. These ...

This description is based on a compiled analysis of several variants of WORM_DORKBOT. Note that specific data such as file names and registry values may vary for each variant.This worm arrives via removable drives. It may be downloaded by other malw...

TEQUILA is bot malware which made headlines after targeting Mexico's financial institutions in 2010. The botnet particularly targeted the country's local Paypal site and the country's largest bank, Bancomer.This malware connects to a C&C server in or...

This worm arrives by connecting affected removable drives to a system. It arrives via removable drives. It may be dropped by other malware.It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of a...

* indicates a new version of an existing ruleDeep Packet Inspection Rules:DHCP Client1009116* - DHCP Client Script Code Execution Vulnerability (CVE-2018-1111) - 1DHCP Client - Incoming1009114* - DHCP Client Script Code Executi...

This worm arrives by connecting affected removable drives to a system. It may be unknowingly downloaded by a user while visiting malicious websites.It drops copies of itself into all the removable drives connected to an affected system.It deletes it...

This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.It drops copies of itself in all removable drives. It drops an AUTORUN.INF f...

This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.It executes the downloaded files. As a result, malicious routines of the dow...

* indicates a new version of an existing ruleDeep Packet Inspection Rules:Ivanti Endpoint Manager1012253* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32848 and CVE-2024-13162)1012346 - Ivanti Endpoint Man...

* indicates a new version of an existing ruleDeep Packet Inspection Rules:DNS Server1009474 - PowerDNS Recursor Out Of Bounds Read Denial Of Service Vulnerability (CVE-2018-16855)IBM WebSphere Application Server1009803* - IBM W...

This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.It drops an AUTORUN.INF file to automatically execute the copies it drops wh...

This worm arrives via removable drives.It executes commands from a remote malicious user, effectively compromising the affected system.

* indicates a new version of an existing ruleDeep Packet Inspection Rules:Web Application Common1011171* - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)Web Application PHP Based1010...