Windows malware threat Poweliks lives in Windows Registry

Jonathan Riggall

A new trojan for Windows has been discovered that’s particularly hard to detect. Called Poweliks, it is not a malicious file on disk; instead, it is located in a subkey of the Windows registry, which is very unusual for malware. Poweliks is distributed by more traditional methods such as email attachments and through ‘angler’ exploits via Adobe Flash and Java.

Once installed in the registry, Poweliks can receive commands from remote attackers, as with many trojans. One function of Poweliks is click fraud: ‘invisible’ clicks on Internet adverts that create revenue for sites, because internet advertisers have to pay for every click on their ads.

Symantec say Poweliks can be found by Norton Antivirus when running a full system scan, but removal may require replacing the infected Windows system file using a Windows installation CD.

It’s also been known to attack using Flash and Java security exploits, so it’s very important that you keep these up to date, as older versions are easy prey for malware (this is good advice any time). The other main way of distribution, email attachments, is easier for you to control – never click on attachments from sources you don’t trust, whatever the subject or content of the email.

According to Symantec, Poweliks threatens all versions of Windows up to Windows 7, so Windows 8/8.1 users need not worry. Nevertheless, keeping all of your apps and software up to date while being vigilant about malicious email is still a necessity.

Source: Symantec
