Xpiro Developers Add Newer Functionalities to their Ware

Researchers from Symantec the security company say that after an overtly lengthy period of time, malware developers creating Xpiro the file contaminator have added several new unusual capabilities to their ware.

The security researchers explain that the upgraded Xpiro, which Symantec identified as W64.Xpiro and W32.Xpiro.D, stubbornly remains on the target device, infecting files. Also, the malware has been created for contaminating both 64-bit and 32-bit .exe documents, especially AMD64 (64-bit), Intel 64 (64-bit) and Intel 386 (32-bit) architectures.

Essentially, when the new Xpiro enters a PC, it begins contaminating the service files, win32. Thereafter, the malicious program searches .lnk files within 'start' menu and desktop of the victim, as well as contaminates all. The reason why link files are targeted is that their execution is most highly possible following a system restart.

Finally, .exe files that may be on removable, fixed or mapped drives get contaminated.

Although theft of data from the infected computer is the malware's chief objective, something that is not uncommon, however, the point worth noting is that the fresh variants execute far treacherous operations.

The new Xpiro infector when gets active, it alongside typically contaminating executable files, adds one Chrome else Firefox extension. While the Firefox filename remains concealed, the Chrome filename appears as "Google Chrome 1.0" which looks sanitized but is actually deceptive. The Firefox filename in the current case conceals its extension's presence, impairs Web-browser safety, intercepts user's online operation, seizes logs, as well as diverts web-browser onto already defined domains.

Moreover, as Xpiro doesn't show its presence among the extension items, an identical number of these items appears prior to and after contamination. The malware also changes the browser settings that impairs the latter's security.

If an end-user attempts at updating his Web-browser, Xpiro prevents by substituting the update web-address by one local Internet Protocol id.

Xpiro's purveyors by adding newer functionalities to the threat aim to infect .exe documents across several platforms. Other file-contaminating malware groups may also do the same while enhancing their arsenal with more sophisticated functionalities so they may become increasingly viable and potent on various platforms, Symantec sums up.

» SPAMfighter News - 8/2/2013