What is Poweliks?

Poweliks is a relatively new Trojan horse that creates no files on the system, which makes it harder to detect. It is spread via a phishing email purporting to come from Canada Post or USPS. The email claims that the postal service failed to deliver an item and that tracking information is available in the attached file. If you are not expecting a parcel, ignore such phishing emails and delete them immediately. This type of deception is commonplace, so be extra careful with suspicious emails and offers. It is also important to keep the system protected against malware and spyware; otherwise you may face serious consequences for your online security.

How does the Poweliks malware work?

Poweliks resides only in the Windows registry, which is a new approach to malware distribution: the initial file carries all the code needed to compromise the system, encrypted and hidden. The attackers exploit the vulnerability CVE-2012-0158 in Microsoft Word. The Poweliks malware creates a startup registry entry that executes the legitimate rundll32.exe. If the computer does not have PowerShell or the .NET Framework, it downloads them from the official Microsoft website. Next, the infection decrypts a PowerShell script from the encrypted JavaScript. Once the malicious actions are performed, a binary program is executed, which then connects to certain remote locations to receive the attackers' commands. All the actions performed are stored in the registry, and no files are ever created.

As for the autostart registry entry, the character used in the key's name is not an ASCII character, so Regedit cannot display it and the user cannot open the key.
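The two traits described above, an autostart value whose name Regedit cannot display and a Run entry that drives rundll32.exe (and ultimately PowerShell) with script rather than a program, can be turned into a simple triage check. The Python script below is an added example, not code from the original article: it scans Run-key entries and flags value names containing NUL, control or non-ASCII characters, command lines that hand rundll32.exe a script URI, and PowerShell launched hidden or with an encoded command. The heuristic patterns, the Run subkey path, the sample entries and the placeholder payload strings are all constructed for this example; on Windows, collect_live_run_entries reads the real Run values through the standard winreg module, and elsewhere the script falls back to the embedded sample.

```python
import re

# Autostart subkey checked under HKCU and HKLM (assumed location; the article
# says only that an autostart key executes rundll32.exe).
RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Heuristic patterns constructed for this example:
#  - rundll32.exe given a script: URI instead of a DLL and export name
#  - powershell launched with a hidden window or an encoded command
SCRIPT_HOST_RE = re.compile(
    r"\brundll32(\.exe)?\b.*\b(javascript|vbscript)\b", re.IGNORECASE)
POWERSHELL_RE = re.compile(
    r"\bpowershell(\.exe)?\b.*\s-(enc|encodedcommand|e|ec|w\s+hidden)\b",
    re.IGNORECASE)


def name_is_unreadable(name: str) -> bool:
    """True if the value name holds a NUL, another control character or any
    non-ASCII character, i.e. a name Regedit cannot show as plain text."""
    return any(not (0x20 <= ord(ch) <= 0x7E) for ch in name)


def escape_name(name: str) -> str:
    """Render a value name so hidden characters become visible in a report."""
    out = []
    for ch in name:
        code = ord(ch)
        if 0x20 <= code <= 0x7E:
            out.append(ch)
        elif code < 0x100:
            out.append(f"\\x{code:02x}")
        else:
            out.append(f"\\u{code:04x}")
    return "".join(out)


def classify_entry(name: str, data: str) -> list:
    """Return the reasons an autostart value looks suspicious (empty if none)."""
    reasons = []
    if name_is_unreadable(name):
        reasons.append("unreadable-name")
    if SCRIPT_HOST_RE.search(data):
        reasons.append("rundll32-script-host")
    if POWERSHELL_RE.search(data):
        reasons.append("powershell-hidden-or-encoded")
    return reasons


def scan_run_entries(entries):
    """entries: iterable of (key_path, value_name, value_data).
    Returns [(key_path, escaped_name, reasons), ...] for flagged values."""
    findings = []
    for key_path, name, data in entries:
        reasons = classify_entry(name, str(data))
        if reasons:
            findings.append((key_path, escape_name(name), reasons))
    return findings


def collect_live_run_entries():
    """Windows only: enumerate Run values with winreg; [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"),
                            (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, RUN_SUBKEY)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                entries.append((f"{hive_name}\\{RUN_SUBKEY}", name, data))
                index += 1
    return entries


# Constructed sample: two ordinary entries plus two that mimic the article's
# description (a NUL-prefixed name running rundll32.exe with script, and a
# hidden, encoded PowerShell launcher). Payload strings are placeholders.
HKCU_RUN = "HKCU\\" + RUN_SUBKEY
HKLM_RUN = "HKLM\\" + RUN_SUBKEY
SAMPLE_ENTRIES = [
    (HKCU_RUN, "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (HKLM_RUN, "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    (HKCU_RUN, "\x00a",
     'rundll32.exe javascript:"CONSTRUCTED-SAMPLE";eval("PLACEHOLDER")'),
    (HKLM_RUN, "Updater", "powershell.exe -w hidden -enc PLACEHOLDERBASE64=="),
]

if __name__ == "__main__":
    for key_path, name, reasons in scan_run_entries(
            collect_live_run_entries() or SAMPLE_ENTRIES):
        print(f"{key_path}\\{name}: {', '.join(reasons)}")
```

The name check is deliberately strict: any character outside printable ASCII is reported, because a legitimate vendor value is almost never named that way, while a NUL or a zero-width character is exactly what keeps Regedit from opening the key. A hit is a lead for analyst review, not proof of infection, so the report keeps the full key path and an escaped rendering of the name for follow-up with a forensic registry tool.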

To catch the infection, AV solutions should detect the initial Word document before it is executed and before it reaches the victim. Another option is to detect the software exploit after the file's execution.

How to prevent the Poweliks malware?

Even if you are not a regular Internet user, your operating system should be protected against malware, because you cannot know when the system will get infected. To prevent various threats, you should use a reputable spyware and malware removal tool. Moreover, you should not open suspicious emails or browse unsecured websites, because a single click may have adverse consequences. Many malicious programs are difficult to remove, so do not take the risk. Make sure that the operating system is protected, and stay alert to the possibility of facing malicious threats.
