Poweliks Trojan Delivered Through Spam Emails

Experts report that the number of computers infected with the Poweliks Trojan has been growing recently. The primary distribution technique at the moment is spam, but the cyber criminals are using other methods as well.

Details on the Poweliks Trojan

The Poweliks Trojan is quite difficult to detect because it is not stored on the compromised machine as a file. Instead, this particular piece of malware is located in a registry subkey in the system’s memory. Once executed, Poweliks creates registry entries with commands that check whether the affected computer has PowerShell or the .NET Framework installed. If it does not, the Trojan downloads the installers directly from the Web. Poweliks then decrypts a PowerShell script from its encrypted JavaScript. The PowerShell script is needed to execute a binary program that establishes a connection with the following remote locations:

  • 178.89.159.35
  • 178.89.159.34

This allows the attackers to send commands to the compromised machine. After it connects the victimized PC to the C&C server, the Trojan will delete the binary.
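An added example (not from the original article or from any vendor tool): because the payload lives in registry data rather than in a file, one defensive check is to scan a registry export for string values that hold script code or long encoded blobs. The markers, thresholds and the sample export below are assumptions constructed for illustration.

```python
import math
import re
import string
from collections import Counter

# Assumed heuristics (not from the article): substrings that indicate script
# code in a registry value, and limits for "long, high-entropy" encoded data.
SCRIPT_MARKERS = ("javascript:", "powershell", "-encodedcommand", "frombase64string")
LONG_LEN, HIGH_ENTROPY = 260, 4.5
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def entropy(text):
    """Shannon entropy in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def scan_reg_export(text):
    """Return (key, value name, reasons) for each suspicious string value."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            name = m.group(1).strip('"') or "(empty name)"
            data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
            reasons = [f"script marker {s!r}" for s in SCRIPT_MARKERS if s in data.lower()]
            if len(data) > LONG_LEN and entropy(data) > HIGH_ENTROPY:
                reasons.append("long high-entropy data")
            if reasons:
                findings.append((key, name, reasons))
    return findings

# Constructed sample in regedit export format; every key and value is made up.
BLOB = (string.ascii_letters + string.digits + "+/") * 5
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Program Files\\Vendor\\updater.exe"',
    r'"a"="javascript:\"constructed placeholder\""',
    r"[HKEY_CURRENT_USER\Software\ExampleVendor]",
    f'"b"="{BLOB}"',
    '"c"="powershell.exe -EncodedCommand PLACEHOLDER"',
])

if __name__ == "__main__":
    for key, name, reasons in scan_reg_export(SAMPLE):
        print(f"{key} :: {name} -> {', '.join(reasons)}")
```

The parser handles only plain string values; real regedit exports are usually UTF-16 and also carry `hex(...)` typed values, which would need decoding before the same checks apply.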

Poweliks Trojan Delivered via Spam Emails

Researchers with Symantec report that the latest infections are mostly distributed via spam emails that claim to be sent by the Postal Service in the US or Canada. The victim is presented with detailed information about a missed package delivery. The scam email has a Microsoft Word document attached which contains the Trojan.

The Poweliks Trojan was first detected by a researcher with GData in July this year.

Other Distribution Methods

Reportedly, the Poweliks Trojan can also be delivered through exploit kits. The French researcher Kafeine spotted Poweliks being delivered to the targeted system by the Angler Exploit Kit in September 2014. In this particular sample, the malware is eliminated the next time the computer is started, because there are no registry keys that would allow it to start along with the operating system.

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyberspace.
