“All activities are stored in the registry. No file is ever created,” states the post published by GData. “So, attackers are able to circumvent classic anti-malware file scan techniques with such an approach and are able to carry out any desired action when they reach the innermost layer of [a machine] even after a system re-boot.” “To prevent attacks like this, antivirus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer’s email inbox.”
“It might install spyware on the infected computer to harvest personal information or business documents. It might also install banking Trojans to steal money or it might install any other form of harmful software that can suit the needs of the attackers. Fellow researchers have suggested that Poweliks is used in botnet structures and to generate immense revenue through ad-fraud.”
Malware analysts consider Poweliks very complex code that uses several code layers to hide itself from prying eyes. It is able to survive without creating any file, which makes it very insidious: it performs every operation in memory and maintains persistence through a smart use of the Windows registry.
There is no doubt that we will see much more malware like Poweliks in the near future.
(Security Affairs – Poweliks, malware)