The malware desquises itself as an Internet Explorer process. It creates a suspended instance of Internet Explorer, it decrypts and injects it’s malicious code into the executable image of the newly created process and resumes the instance of IE modifying the instruction flow to point to the injected code. Now the malicious code runs as a legitimate Internet Explorer serving itself of all the rights and firewall exceptions of such a process.
After installing itself into the infected computer, Xorpix opens a backdoor connection inviting the attacker to use this computer as a proxy for other malicious activities. The attacker is announced of the infection with a http request using a carefully crafted URL that contains the host’s address, open port and other information about the infected computer such as the version of the operating system.
Trojan.Proxy.Xorpix.B is part of a family of trojans that allow a remote attacker to control the infected machine and use it to direct traffic to the internet without the user’s knowledge, making it part of a large network of infected computers.
Xorpix opens up a large security hole on your computer and is a very dangerous threat to the security of your personal and financial data. Xorpix installs as a hidden system file and can be extremely difficult to manually remove.
More details here.
tags
The meaning of Bitdefender’s mascot, the Dacian Draco, a symbol that depicts a mythical animal with a wolf’s head and a dragon’s body, is “to watch” and to “guard with a sharp eye.”
View all postsDecember 19, 2024
November 14, 2024