Trojan Spy-XR

By SpideyMan in Trojans

Threat Scorecard

Ranking: 6,110
Threat Level: 10 % (Normal)
Infected Computers: 788
First Seen: January 5, 2012
Last Seen: September 15, 2023
OS(es) Affected: Windows

Computer criminals have shown that they lack scruples by attacking the Amnesty International United Kingdom website. Trojan Spy-XR is linked to an attack in December of 2011 on this charitable organization's official website. Amnesty International has long been an organization dedicated to fighting for human rights all around the world. Criminals hacked its website and used it to spread Trojan Spy-XR through a Java exploit, which was patched shortly after the attack. According to ESG security researchers, attacks like these are the reason why it is really important to use a real-time malware scanner.

Trojan Spy-XR and the Amnesty International Website

Analyzing the attack, PC security specialists concluded that the attack on the Amnesty International website occurred on December 16, 2011. On the organization's main page, a Java exploit was used to deliver a Java applet that downloads and installs Trojan Spy-XR onto the visitor's computer system. Trojan Spy-XR is a version of a malware infection that is designed to steal data from the infected computer system. Trojan Spy-XR was first detected in the wild in the early summer of 2011.

Suspicions Regarding the Trojan Spy-XR Attack on Amnesty International

The United Kingdom website for the Amnesty International organization is not particularly high-trafficked. Because of this, ESG malware analysts suspect that this was not a generic Trojan attack designed to steal a victim's banking information. Authorities suspect that the criminals behind the Trojan Spy-XR attack are part of a Chinese effort to gather information on human rights organizations that may be active in that country. Individuals involved in these kinds of efforts make up the majority of the web traffic received by the Amnesty International website. This is not the first attack on human rights charitable organizations. Corrupt governments may be enlisting computer criminals to take advantage of zero-day security exploits and other well-funded methods in order to get more information on activists and human rights organizations. A similar attack was detected previously at the Amnesty International Hong Kong website. This despicable behavior leads security researchers to warn human rights activists and other individuals involved in these kinds of efforts to make sure that reliable security software is installed on their computer systems. While basic computer security precautions must always apply, these kinds of attacks take advantage of supposedly safe websites to circumvent these measures.

File System Details

Trojan Spy-XR may create the following file(s):
# File Name Detections
1. C:\WINDOWS\ime\wmimachine2.dll

Registry Details

Trojan Spy-XR may create the following registry entry or registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\6to4
HKLM\SYSTEM\CurrentControlSet\Services\6to4\Enum

URLs

Trojan Spy-XR may call the following URLs:

https://www.privatebrowsing-search.com/search/?
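
A read-only PowerShell triage of a Windows host for the file, registry and URL indicators listed above. This is an added example, not part of the original entry. It assumes the DLL would be loaded through the service's ServiceDll value, which the entry does not state, and it treats the presence of a key on its own as a lead to review, not a verdict.

```powershell
# Added example: read-only host triage for the indicators this entry lists.
$iocFile = 'C:\WINDOWS\ime\wmimachine2.dll'
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\6to4'
$iocKeys = @($svcKey, "$svcKey\Parameters", "$svcKey\Enum")
$iocHost = 'www.privatebrowsing-search.com'   # host part of the listed URL

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Indicator, [string]$Detail) {
    $script:findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# 1. Listed file: record creation time and a hash for later comparison.
if (Test-Path -LiteralPath $iocFile -PathType Leaf) {
    $f   = Get-Item -LiteralPath $iocFile -Force
    $sha = (Get-FileHash -LiteralPath $iocFile -Algorithm SHA256).Hash
    Add-Finding 'File' "$iocFile created $($f.CreationTimeUtc.ToString('u')) SHA256=$sha"
}

# 2. Listed registry keys: presence only, to be reviewed with step 3.
foreach ($key in $iocKeys) {
    if (Test-Path -LiteralPath $key) { Add-Finding 'RegistryKey' "$key exists (review)" }
}

# 3. Assumption: a service DLL would be referenced by the ServiceDll value.
#    Report what the service loads and flag a match with the listed file.
$params = Get-ItemProperty -LiteralPath "$svcKey\Parameters" -ErrorAction SilentlyContinue
if ($params -and $params.ServiceDll) {
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    if ($dll -ieq $iocFile) {
        Add-Finding 'ServiceDll' "6to4 service loads the listed DLL: $dll"
    } else {
        Add-Finding 'ServiceDll' "6to4 service loads $dll (verify it is expected)"
    }
}

# 4. DNS client cache (cmdlet exists on Windows 8 / Server 2012 and later).
if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
    $hit = Get-DnsClientCache -Entry $iocHost -ErrorAction SilentlyContinue
    if ($hit) { Add-Finding 'DNS' "$iocHost is in the resolver cache" }
}

if ($findings.Count -eq 0) { 'No listed indicators found on this host.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so the service key and the file under C:\WINDOWS are readable.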
