Sign up for our newsletter
Technology / Cybersecurity

Fileless trojan Poweliks virus on the rise

A fileless trojan virus that hides inside a registry key is becoming increasingly prevalent according to the security company Symantec.

Poweliks is said to be delivered through spam mails purporting to be from the Canadian or US postal services, and damages computers through opening a backdoor to future infection.

Symantec said: "While Trojan.Poweliks is unique in how it resides on a computer, it can arrive on a computer through more common methods, such as malicious spam emails and exploit kits."

Unlike other fileless viruses Poweliks is able to survive system reboots through the use of an automatically booting registry key which evades detection from antivirus (AV) software.

White papers from our partners

To catch such a file cybersecurity software must stop the delivery file before it is executed, detect the resulting exploit or find odd behaviour within the registry itself.

"The use of registry for evasion tactics is crucial given that file-based AV solution won’t be able to detect anything malicious running on the system," said Roddell Santos, threat analyst at security firm Trend Micro, in an earlier report of the virus.

"Furthermore, unsuspecting users won’t necessarily check for the registries but rather look for suspicious files or folders. We surmise that in the future, we may see other malware sporting the same routines as AV security continuous to grow."

At present Symantec rates Poweliks as having a low threat level in the wild, and notes that it is easy to contain and remove.


This article is from the CBROnline archive: some formatting and images may not be present.