Poweliks: The file-less little malware that could

By | August 6, 2014

The following article is from our friends at Emsisoft. We want you to read this because this could be the future of malware — a new kind of malware that isn’t a file or a program yet can wreak havoc on your computer. 


When you think about malware, you probably imagine a nasty little file that’s been installed on your computer. When you think about anti-malware, you probably imagine some sort of program that can remove that nasty file, and help you go about your day, malware-free. Malware doesn’t always need files though. And anti-malware can’t always do its job through file detection alone.

New research has uncovered a malware called Poweliks that can infect your computer without creating any files on your hard drive.

Instead, Poweliks creates a blank registry entry that automatically runs when you boot up your computer. This registry entry will check if your computer has Windows PowerShell installed, and initiate a download of the scripting program if it doesn’t. Once the presence of PowerShell is confirmed, Poweliks will then run a script that injects a malicious DLL into system memory. This DLL then connects your computer to a command and control server, which can be used to collect personal information or to load more malware onto an infected PC.

Poweliks is particularly evasive for two reasons: it creates no files on the hard drive and, according to reports, it creates a blank registry entry using a non-ASCII character. Both measures make manual detection, by a user or even a malware researcher, difficult. Poweliks’ file-less nature also means that antivirus products relying on file-based detection alone will not find it.
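The two evasion tricks described above (a blank or non-ASCII value name in an autorun key, and autorun data that launches PowerShell rather than a program on disk) are exactly what a defender can look for without relying on file scanning. The script below is an added example written for this page; it is not Emsisoft's code and not taken from Poweliks. It assumes the Run key has been exported as .reg text (for instance with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`), parses that text, and flags values whose name is blank, non-ASCII or non-printable, or whose data invokes PowerShell or in-memory script execution. The embedded sample export is constructed for the demonstration, including the placeholder payload string.

```python
"""Heuristic scan of an exported Run key (.reg text) for file-less autorun
entries: blank or non-ASCII value names, and autorun data that launches
PowerShell.  Added example, not Emsisoft's or Poweliks' code; the sample
export below is constructed."""
import re
from dataclasses import dataclass

# [HKEY_...\...\CurrentVersion\Run] or \RunOnce section headers in a .reg file
RUN_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.*\\CurrentVersion\\Run(?:Once)?)\]$", re.I)
# "name"=data (name may contain escaped quotes/backslashes) or @=data (the default value)
NAMED_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
DEFAULT_VALUE_RE = re.compile(r"^@=(.*)$")
# keywords that mark script-driven, in-memory execution from an autorun entry
SCRIPT_LAUNCH_RE = re.compile(
    r"powershell|invoke-expression|\biex\b|-enc\b|-encodedcommand\b|downloadstring", re.I)


@dataclass
class Finding:
    key: str
    name: str        # value name as stored; "" for blank, None for the (Default) value
    data: str
    reasons: list


def unescape_reg(raw: str) -> str:
    """Undo .reg escaping of backslashes and double quotes in a value name."""
    return raw.replace('\\"', '"').replace("\\\\", "\\")


def assess_value(name, data):
    """Return the list of reasons an autorun value looks suspicious (empty if none)."""
    reasons = []
    if name is None:
        # legitimate installers do not put their autorun command in (Default)
        if data.strip() not in ("", '""'):
            reasons.append("autorun command stored in the key's (Default) value")
    elif name == "" or not name.isascii() or not name.isprintable():
        reasons.append("value name is blank, non-ASCII or non-printable (hard to see in regedit)")
    if SCRIPT_LAUNCH_RE.search(data):
        reasons.append("autorun data launches PowerShell or in-memory script execution")
    if len(data) > 512:
        reasons.append("autorun data is unusually long for a program path")
    return reasons


def scan_reg_export(text: str):
    """Parse .reg export text and return Findings for values under Run/RunOnce keys."""
    findings = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = m.group(1) if m else None   # ignore keys that are not autorun keys
            continue
        if current_key is None or not line:
            continue
        if (m := NAMED_VALUE_RE.match(line)):
            name, data = unescape_reg(m.group(1)), m.group(2)
        elif (m := DEFAULT_VALUE_RE.match(line)):
            name, data = None, m.group(1)
        else:
            continue  # comments, hex continuation lines, etc.
        reasons = assess_value(name, data)
        if reasons:
            findings.append(Finding(current_key, name, data, reasons))
    return findings


# Constructed sample export: one ordinary entry and one entry whose name is a
# zero-width space (U+200B) and whose data launches a hidden PowerShell with a
# placeholder payload string.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"OneDrive"="\\"C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe\\" /background"\n'
    '"\u200b"="powershell.exe -WindowStyle Hidden -NoProfile -EncodedCommand PLACEHOLDER_BASE64"\n\n'
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer]\n"
    '"ShellState"=hex:24,00,00,00\n'
)

if __name__ == "__main__":
    for f in scan_reg_export(SAMPLE_EXPORT):
        print(f"{f.key}\n  name={f.name!r}\n  data={f.data}\n  " + "\n  ".join(f.reasons))
```

Real exports written by `reg export` are UTF-16 text, so feed them in with `open("run.reg", encoding="utf-16").read()`. Printing the value name with `!r` matters: a name made of a non-printable character renders as an apparently blank entry in regedit, but its escaped repr makes the code point visible. Treat the output as leads to verify, not verdicts; the keyword list is a heuristic and will also flag legitimate PowerShell-based autoruns.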

For the full story on Poweliks, see PC World Magazine. For technical analysis, see Malware Don’t Need Coffee.

Have a great (malware-free) day!

See more at: http://blog.emsisoft.com/2014/08/06/poweliks-the-file-less-little-malware-that-could/

Emsisoft Anti-Malware is available from Cloudeight for $10 off the regular retail price…learn more here.

3 thoughts on “Poweliks: The file-less little malware that could”

  1. Janice M.

    TC–EB!! HELP! What are we going to do to keep from getting the Poweliks malware?? If no one has come up with a solution to this “rottenware infection” are we going to have to just unplug to be SAFE?
    What can I say? This is the first time in all the years I’ve been with you, I’M REALLY WORRIED!

    Do you or Emsisoft have any ideas or additional information?

    Thanks for making us aware of this new type of malware as well as all the other info and services you provide for us!

  2. Doug

    Thanks for the article. This is really bad. Hopefully, Emsisoft can come up with a guard. I am so glad you two brought Emsisoft to all of us. They have been great in trapping all kinds of bad stuff that tries to get on my computer.

  3. Lee

    We recently have heard all about the discovery of USB device intrusion and how absolutely nothing can be done about it. Now we hear from Emsisoft about Poweliks, and apparently nothing is yet available to overcome this either. Over the years we’ve dealt with viruses, trojans, worms, rootkits, spyware and adware of hundreds of types, rogue websites, and more. It’s never ending. The end result for most users is that if they are conscientious they spend at least half of their time troubleshooting problems and attempting prevention techniques to ward off all the evil “spirits” that those who are criminally minded unceasingly inflict on Microsoft Windows users. Using a computer that has internet access is supposed to be fun, enlightening, educational, and a joy to be able to use as one desires. Speaking strictly for myself, after having spent years in professional support of Microsoft Windows (countless different versions) and related Microsoft products, I have to now state that I’m growing weary of going through this mental, physical, and financially draining exercise. All of this is because Microsoft, in the infancy of the company, did not and still does not, in spite of what they say, place great emphasis on development of security systems which work and do the job that they “should” be doing. Apple got it right. So did Linus Torvalds, the creator of Linux. Sooner or later, probably sooner, I’ll finally get a stomach full of wasting my time going through these needless gymnastics and convert completely to either Mac or Linux. In spite of what some would have you believe, Mac and Linux are not difficult to learn. In spite of what some would have you believe, either one will do everything and more than most users will ever attempt and do it with ease. As the saying goes, just my two cents worth. To all I wish you a good and enjoyable day.
