“All activities are stored in the registry. No file is ever created,” states the post published by GData. “So, attackers are able to circumvent classic anti-malware file scan techniques with such an approach and are able to carry out any desired action when they reach the innermost layer of [a machine] even after a system re-boot.” “To prevent attacks like this, antivirus solutions have to either catch the initial Word document before it is executed (if there is one), preferably before it reached the customer’s email inbox.”
“It might install spyware on the infected computer to harvest personal information or business documents. It might also install banking Trojans to steal money or it might install any other form of harmful software that can suit the needs of the attackers. Fellow researchers have suggested that Poweliks is used in botnet structures and to generate immense revenue through ad-fraud.”
Malware analysts consider Poweliks very complex code that uses several layers to hide itself from prying eyes. It survives without creating any file, which is what makes it so insidious: it performs every operation in memory and maintains persistence through clever use of the Windows registry.
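A threat that lives only in memory and in the registry still needs an autorun entry to restart itself after a reboot, and that entry is where a defender can look for it. The script below is an added example, not code from this article or from GData: it audits Windows Run-key values and flags those that hand an inline script to a host process (powershell, mshta, wscript, rundll32) or that reference no file present on disk, which is the footprint of a registry-resident payload. The value names, command lines and "known files" are constructed sample data; on a live host they would come from winreg or `reg query` and from os.path.exists().

```python
"""
Hunt for fileless autorun entries in Windows Run keys.

Added example (not from the article or GData). Registry-resident malware
cannot be launched as a file, so its Run-key value either passes script
inline to a host process or points at a file that does not exist. Both
patterns are flagged here. All sample data below is constructed.
"""
import re

# Processes that execute script handed to them on the command line.
SCRIPT_HOSTS = ("powershell", "pwsh", "mshta", "wscript", "cscript", "rundll32")

# Command-line shapes meaning "the code is in the registry value, not in a file".
INLINE_SCRIPT_MARKERS = (
    re.compile(r"\bjavascript:|\bvbscript:", re.I),
    re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I),
    re.compile(r"-(?:c|command)\s+\S", re.I),
    re.compile(r"\bIEX\b|Invoke-Expression", re.I),
)

# Quoted or unquoted absolute Windows paths referenced in a command line.
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^\s,;]+)')

# Constructed sample of HKCU\...\Run values (hypothetical names and commands).
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "Helper": r"rundll32.exe C:\Users\alice\AppData\Roaming\Helper\helper.dll,Start",
    "Legacy": r"C:\ProgramData\Legacy\legacy.exe --tray",
    "Updater": r"powershell.exe -w hidden -nop -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE=",
    "Sync": r'mshta.exe "javascript:/*payload placeholder*/close()"',
}

# Constructed stand-in for os.path.exists(): files that "exist" on the sample host.
KNOWN_FILES = {
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"C:\Windows\System32\SecurityHealthSystray.exe",
    r"C:\Users\alice\AppData\Roaming\Helper\helper.dll",
}


def first_token(command):
    """Return the program part of a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launching_host(command):
    """Return the script host named by the command's program, or None."""
    exe = first_token(command).rsplit("\\", 1)[-1].lower()
    return next((h for h in SCRIPT_HOSTS if exe.startswith(h)), None)


def referenced_paths(command):
    """Return every absolute path mentioned in the command line."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(command)]


def classify(command, known_files):
    """Return the reasons a Run-key value looks fileless; an empty list means benign.

    known_files is a set of lower-cased paths that exist on the host.
    """
    reasons = []
    host = launching_host(command)
    if host and any(m.search(command) for m in INLINE_SCRIPT_MARKERS):
        reasons.append(f"{host} started with an inline script rather than a file")
    paths = referenced_paths(command)
    if not paths:
        reasons.append("no on-disk executable or script referenced")
    else:
        missing = [p for p in paths if p.lower() not in known_files]
        if missing:
            reasons.append("referenced file not present on disk: " + ", ".join(missing))
    return reasons


def audit(run_values, known_files):
    """Map each suspicious value name to its reasons; benign values are omitted."""
    known = {p.lower() for p in known_files}
    findings = {}
    for name, command in run_values.items():
        reasons = classify(command, known)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RUN_VALUES, KNOWN_FILES).items():
        print(f"[suspicious] {name}: " + "; ".join(reasons))
```

The two legitimate entries and the rundll32 value that loads a DLL actually present on disk pass unchanged; the encoded PowerShell value, the inline mshta script and the stale path are reported. The same classification can be applied to RunOnce, scheduled-task actions and service ImagePath values, since the question is always the same: does this autorun start a file that exists, or code that lives only in the registry?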
No doubt we will see much more malware like Poweliks in the near future.
(Security Affairs – Poweliks, malware)