IXESHE

IXESHE is a backdoor Trojan that's unusual for its preference for infecting specific targets instead of employing a modern and indiscriminate propagation model; IXESHE's favored victims so far include manufacturers of electronics, German telecommunications companies and countries based in the eastern Asia region. Although IXESHE attempts to conceal its attacks, as a backdoor Trojan, IXESHE allows criminals to use your computer's resources for a variety of crimes, most prominently including recruiting your PC as a spare Command & Control server that can issue commands and data to other infected computers. Because Trend Micro has noted that IXESHE especially targets PCs in Taiwan and the United States, SpywareRemove.com malware researchers especially warn residents of these countries to have appropriate anti-malware protection against potential IXESHE attacks.

IXESHE: An Uncommon Trojan with a Standardized Means of Infection

Although IXESHE is, in many ways, a unique PC threat, SpywareRemove.com malware researchers have found that its ingenuity doesn't extend to IXESHE's basic strategy for distributing itself. IXESHE commonly infects vulnerable PCs in the form of a malicious .pdf attachment in spam e-mails, similar to many other e-mail-distributed Trojans and some worms. Patching both Flash and all Adobe-brand software can help to reduce the vulnerabilities that IXESHE can exploit to install itself, although it should be noted that IXESHE has also been found to use some zero-day (and, therefore, unpatched) security exploits for its installation.

While, as noted earlier, Taiwanese and American PCs are particularly vulnerable to IXESHE's attacks, other countries have also been found to suffer from IXESHE's attentions, including Germany, Mexico, the United Kingdom, Italy and Brazil. In addition to being made vulnerable to all the traditional attacks of backdoor Trojans, infected PCs are also recruited as part of IXESHE's C&C server network – although IXESHE also includes several hard-coded C&C servers as fail-safes. Once IXESHE infects your PC, IXESHE will conceal its files with the Hidden attribute and use various methods to launch itself automatically (including exploiting the Startup folder or the system's Registry), and symptoms of IXESHE's attacks may not be obvious without anti-malware software.

Why a Hiding IXESHE Trojan Isn't Something to Ignore

IXESHE is capable of all the basic functions that SpywareRemove.com malware experts have come to expect from backdoor Trojans, including:

• Allowing a remote user to delete files on your computer.
• Serving as an accessory for downloading or installing other files, including other PC threats.
• Allowing a remote user to shut down processes and programs on your computer without your consent.
• Enabling transmission of data from your PC to a remote server.

Even if IXESHE's files are spotted, easy identification isn't likely, since IXESHE uses misleading file names (such as the file name for Adobe Acrobat's installer) to make its files look legitimate. Given IXESHE's sophisticated defenses and the significant damage that its attacks are capable of causing, SpywareRemove.com malware researchers strongly encourage you to use updated anti-malware programs to find and remove IXESHE as necessary.

Technical Details