allheart55 Cindy E (FPCH Admin), posted August 5, 2014

A new piece of malware called Poweliks can seize control of a Windows computer — and it can't be detected by antivirus programs. That's because it doesn't download any files to the infected computer; instead, it resides as encrypted text in the computer's registry. From there it can seize control of the computer's processes to do things such as download more malware onto the computer.

Poweliks is all but invisible to traditional antivirus programs, which work by searching for recognized malware files — a potentially very dangerous situation, said malware researcher Paul Rascagnères. "As the malware is very powerful and can download any payload, the amount of possible damage is not really measurable," Rascagnères, a threat researcher with Bochum, Germany-based antivirus company G Data, wrote in a company blog post.

Poweliks, which has also been documented by Tokyo-based antivirus firm Trend Micro, has been spotted infecting computers via a corrupted Microsoft Word file attached to an email, but the file could spread in other ways as well. This is the best place that an antivirus program might be able to catch Poweliks, if the program scans for malicious email attachments, Rascagnères said.

If the malicious file is opened, it will create an encoded autostart registry key and hide it within the Windows registry, where the computer's configuration settings are stored. Every time the computer is booted, the key implements code that eventually reaches out to an external IP address controlled by the malware's creators. Through this connection, the creators can then issue further commands. Rascagnères compared the attack's structure to Russian matryoshka nesting dolls: Poweliks targets the innermost "doll" of the computer, and uses that vantage point to compromise the entire device.

Poweliks appears to be a fairly recent creation, and it's not yet clear what the malware was created to do. "It might install spyware on the infected computer to harvest personal information or business documents," Rascagnères wrote. "It might also install banking Trojans to steal money, or it might install any other form of harmful software that can suit the needs of the attackers. Fellow researchers have suggested that Poweliks is used in botnet structures and to generate immense revenue through ad-fraud."

"I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant." (Robert McCloskey)
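A defender's check for the kind of persistence the article describes (an encoded autostart entry hidden in the registry), added here as an example and not taken from the article, G Data or Trend Micro: it enumerates the standard Run/RunOnce keys and flags values that look like encoded or script-hosting commands, or value names that are hard to inspect. The patterns and thresholds are generic heuristics chosen for this example, not indicators from the page.

```powershell
# Added example: audit the common autostart Run keys for entries that look
# like encoded or inline-script launchers rather than plain program paths.
# The regexes below are assumptions about what such entries tend to look
# like; they are not signatures for any specific malware sample.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# A legitimate autostart value is normally a path plus a few switches.
# Script engines invoked inline, encoded PowerShell, or long base64-like
# runs are unusual enough to deserve a manual look.
$suspiciousPatterns = @(
    'rundll32(\.exe)?\s+javascript:',            # script hosted via rundll32
    'mshta(\.exe)?\s',                            # HTML application host
    'powershell.*\s-(e|en|enc|encodedcommand)\s', # encoded command switch
    '[A-Za-z0-9+/]{80,}={0,2}'                    # 80+ chars of base64-like text
)

function Test-SuspiciousAutostart {
    param([string]$Value)
    foreach ($pattern in $suspiciousPatterns) {
        if ($Value -match $pattern) { return $pattern }
    }
    return $null
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Do not expand %VARS% so the stored text is inspected as written.
        $value = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $hit = Test-SuspiciousAutostart -Value $value
        # An empty name (the key's default value) or non-printable characters
        # in the name make an entry easy to overlook when browsing the registry.
        $oddName = ($name -eq '') -or ($name -match '[^\x20-\x7E]')
        if (-not $hit -and -not $oddName) { continue }
        $reason = if ($hit) { "value matches '$hit'" } else { 'empty or non-printable value name' }
        [pscustomobject]@{ Key = $key; Name = $name; Value = $value; Reason = $reason }
    }
}
```

Run it in an elevated PowerShell session so the HKLM keys are readable; every object it emits is a lead to review by hand, not a verdict.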
starbuck, posted August 6, 2014

Our tools have already been updated to search for this and have the ability to remove it.
allheart55 Cindy E (FPCH Admin, thread author), posted August 6, 2014

I'm not surprised, Pete. These guys are usually on the ball with any threats.
allheart55 Cindy E (FPCH Admin, thread author), posted August 6, 2014

I always feel more at ease knowing Pete and Gene are around. They have access to all the newest tools.