TROJ_PROXY.PL attempts to do that

Dec 17, 2007 19:06 GMT  ·  By
Kaspersky Antivirus is one of the products that may protect you against the Trojan horse

TROJ_PROXY.PL is the kind of Windows infection that doesn't harm the files stored on your computer; instead, it attempts to use the system to hide the identity of cybercriminals, allowing them to remain anonymous while conducting illegal activities. Security vendor Trend Micro wrote in an advisory released today that the Trojan horse affects most Windows versions, including 98, ME, NT, 2000, XP and Server 2003. Although it comes with a low overall risk rating, TROJ_PROXY.PL has a medium damage potential, as it acts like a proxy server to allow attackers to connect to your system.

Trend Micro mentioned that it could easily reach a vulnerable system, because it might be deployed by other malware or downloaded without the user's approval during a visit to malicious pages equipped with the Trojan horse.

"It opens random ports. It acts as a proxy server to allow a remote malicious user to use the affected system in concealing the said author's identity when performing malicious activities", the security company noted. "Proxy servers act as an intermediary between a user and a server. Connections using a proxy server allow remote users to hide their original location since connections can only be traced to a system where this Trojan is installed."

Since it must act like a proxy server, the Trojan attempts to create some new registry entries in order to be sure that it is started every time the operating system is loaded. According to Trend Micro, the following registry keys are added by TROJ_PROXY.PL:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_DDE_TJPS
HKEY_USERS\.DEFAULT\Software\tjservers

Certainly, you can easily protect your computer by installing the latest virus definitions rolled out by your antivirus developer and by avoiding malicious websites that may attempt to deploy the said Trojan horse on your computer.
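
A quick way to check a Windows host for the two registry keys named above, written as an added example (not part of the Trend Micro advisory or the original article). The function name Test-TrojProxyKeys is hypothetical; the key paths are the ones listed in the article.

```powershell
# Registry keys Trend Micro lists for TROJ_PROXY.PL (taken from the article above).
$IndicatorKeys = @(
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_DDE_TJPS',
    'HKEY_USERS\.DEFAULT\Software\tjservers'
)

function Test-TrojProxyKeys {   # hypothetical helper name
    param([string[]]$Keys = $IndicatorKeys)

    foreach ($key in $Keys) {
        # HKEY_USERS has no default PSDrive (only HKLM: and HKCU: exist),
        # so address every hive through the Registry:: provider prefix.
        $path    = "Registry::$key"
        $present = Test-Path -LiteralPath $path

        $values = @()
        if ($present) {
            # Collect value names for triage; tolerate access-denied errors.
            $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if ($item) { $values = $item.GetValueNames() }
        }

        # One result object per key so the output can be piped or exported.
        New-Object psobject -Property @{
            Key     = $key
            Present = $present
            Values  = ($values -join ', ')
        }
    }
}

$results = @(Test-TrojProxyKeys)
$results | Format-Table Key, Present, Values -AutoSize -Wrap

if ($results | Where-Object { $_.Present }) {
    Write-Warning 'A TROJ_PROXY.PL registry key exists; isolate the host and run a full antivirus scan.'
} else {
    Write-Output 'No TROJ_PROXY.PL registry keys found.'
}
```

Run it from an elevated PowerShell prompt so the Enum subtree is readable; a clean result only means these two keys are absent, not that the host is free of other malware.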