The malware disguises itself as an Internet Explorer process. It creates a suspended instance of Internet Explorer, decrypts and injects its malicious code into the executable image of the newly created process, then resumes the instance of IE after redirecting the instruction flow to the injected code. The malicious code now runs as a legitimate Internet Explorer process, availing itself of all the rights and firewall exceptions granted to such a process.
After installing itself on the infected computer, Xorpix opens a backdoor connection inviting the attacker to use the computer as a proxy for other malicious activities. The attacker is notified of the infection by an HTTP request with a carefully crafted URL that carries the host's address, open port and other information about the infected computer, such as the version of the operating system.
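The injection sequence described above (create a process suspended, write into its image, change the thread context, resume) leaves a distinctive trail in API-level telemetry. The following is an added detection example, not Bitdefender's code or anything from the Xorpix sample itself: it walks a constructed trace and raises an alert only when a suspended creation is followed by both a memory write and a thread-context change before the resume, so a debugger-style suspended start that is resumed untouched does not fire. The trace format (one dict per call with `pid`, `api`, `target`, `flags`, `size`) is an assumption; real Sysmon or EDR events would be mapped onto it first.

```python
"""Flag the process-hollowing sequence in an API trace.

Added example, not Bitdefender's code. The trace format (one dict per
call, fields below) is an assumption; real telemetry (Sysmon, EDR) would
be mapped onto it first.
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Constructed sample trace (not real telemetry): creator pid, API, target pid, extras.
SAMPLE_EVENTS = [
    {"ts": 1, "pid": 4100, "api": "CreateProcess", "target": 5200,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "flags": 0x4},
    {"ts": 2, "pid": 4100, "api": "WriteProcessMemory", "target": 5200, "size": 81920},
    {"ts": 3, "pid": 4100, "api": "SetThreadContext", "target": 5200},
    {"ts": 4, "pid": 4100, "api": "ResumeThread", "target": 5200},
    # benign: debugger-style suspended start, resumed without touching memory
    {"ts": 5, "pid": 4300, "api": "CreateProcess", "target": 5300,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "flags": 0x4},
    {"ts": 6, "pid": 4300, "api": "ResumeThread", "target": 5300},
    # benign: ordinary launch, never suspended
    {"ts": 7, "pid": 4400, "api": "CreateProcess", "target": 5400,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "flags": 0},
]


def detect_hollowing(events):
    """Return one alert per (creator, target) pair that was created suspended,
    had memory written and a thread context changed, and was then resumed."""
    tracked = {}  # (creator, target) -> state accumulated since the suspended create
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["pid"], ev["target"])
        api = ev["api"]
        if api == "CreateProcess":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                tracked[key] = {"image": ev.get("image"), "written": 0, "ctx": False}
            continue
        state = tracked.get(key)
        if state is None:
            continue  # target was not created suspended by this pid; not of interest
        if api == "WriteProcessMemory":
            state["written"] += ev.get("size", 0)
        elif api == "SetThreadContext":
            state["ctx"] = True
        elif api == "ResumeThread":
            # Resume after both a write and a context change is the hollowing signature.
            if state["written"] > 0 and state["ctx"]:
                alerts.append({"creator": key[0], "target": key[1],
                               "image": state["image"],
                               "bytes_written": state["written"]})
            del tracked[key]  # process is running now; track afresh if re-created
    return alerts


if __name__ == "__main__":
    for a in detect_hollowing(SAMPLE_EVENTS):
        print(f"possible process hollowing: pid {a['creator']} -> {a['target']} "
              f"({a['image']}), {a['bytes_written']} bytes written before resume")
```

Keying on the creator/target pair rather than on the target alone matters: the hollowed browser looks like a normal `iexplore.exe` once it is running, so the only reliable evidence is what its parent did to it between the suspended create and the resume. A follow-up check on the same parent's outbound HTTP requests would cover the beaconing step described in the paragraph above.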
Trojan.Proxy.Xorpix.B is part of a family of trojans that allow a remote attacker to control the infected machine and use it to relay traffic to the internet without the user's knowledge, making it part of a large network of infected computers.
Xorpix opens a large security hole on your computer and is a very dangerous threat to the security of your personal and financial data. It installs as a hidden system file and can be extremely difficult to remove manually.