Poweliks

Poweliks is a complex and dangerous Trojan horse that uses a novel technique to compromise the operating system. The Poweliks malware exploits the Microsoft Word vulnerability CVE-2012-0158, which was fixed about a year ago. More specifically, the infection gets onto the computer via a phishing email which suggests that Canada Post or USPS mail has failed to deliver some item to you; hence, they provide you with further information regarding the parcel. It is crucial to ignore such emails especially if you have not ordered anything, because the attachment is likely to be a piece of malware.

The Poweliks malware is a unique infection because it does not create any files after execution. The infection creates and an auto-start registry entry, which features a non-on ASCII character that makes the registry key unavailable, because Regedit cannot read it. Next, the infection scours the system for the PowerShell or .NET frameworks, and, if nothing is detected, it downloads the installer of the frameworks. Another step is the decryption of a Powershell script. Once it is done, the Powershell script executes a binary program which connects to the following locations: 178.89.159.34 and 178.89.159.35. After connecting to these locations, the Poweliks malware receives commands from the remote attackers and may also delete the binary program. When controlled by the attackers, the Poweliks malware can perform a great variety of malicious actions. Usually, such programs steal sensitive information in an attempt to obtain the victim’s money. The Poweliks malware is capable of starting any program on the infected system, which is likely to have far-reaching consequences.

Since the Poweliks malware uses a new technique, the detection of the program becomes complicated. In order to prevent an attack like this, it is essential to detect the initial file, i.e., the Word document before it is executed. Ideally, it should be done before it gets to the victim’s email box.

In order to prevent the Poweliks malware and similar occurrences, it is important to keep security programs and the system up-to-date. Moreover, it is worth creating some data backups on a regular basis. If you do not have a reputable malware and spyware prevention program on your PC, it is worth installing one so that you can be secured from Trojan horses, rogue anti-virus programs, ransomware infections, browser hijackers, rootkits, and many other threats. We recommend that you implement SpyHunter, which easily fights off multiple threats so that you can browse the Internet safely. Our recommended program detects the Poweliks program as “Unknown Rootkit”, and, if you want to find out the security status of your operating system, do not hesitate to install the scanner of the program.