The following article is from our friends at Emsisoft. We want you to read this because this could be the future of malware — a new kind of malware that isn’t a file or a program yet can wreak havoc on your computer.
Poweliks: The file-less little malware that could
When you think about malware, you probably imagine a nasty little file that’s been installed on your computer. When you think about anti-malware, you probably imagine some sort of program that can remove that nasty file, and help you go about your day, malware-free. Malware doesn’t always need files though. And anti-malware can’t always do its job through file detection alone.
New research has uncovered a strain of malware called Poweliks that can infect your computer without creating any files on your hard drive.
Instead, Poweliks creates an autostart entry in the Windows registry that appears blank and that is executed every time you boot up your computer. The code launched by that entry checks whether Windows PowerShell is installed and, if it is not, downloads the scripting engine. Once PowerShell is present, Poweliks runs a script that loads a malicious DLL directly into memory, without ever writing it to disk. That DLL then connects your computer to a command and control server, which the attackers can use to collect personal information or to load more malware onto the infected PC.
Poweliks is particularly evasive for two reasons: it writes no files to the hard drive and, according to reports, its registry entry is named using a non-ASCII character, which is why the entry appears blank in standard registry tools. Both measures make manual detection difficult, whether by a user or by a malware researcher. Poweliks' file-less nature also means that antivirus products that rely on file-based detection alone will not find it.
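Because the persistence lives in the registry rather than on disk, the practical check is to enumerate the autostart (Run) keys and look at value names and data that the Registry Editor may not render. The script below is an added example for this article, not code from Emsisoft or from any Poweliks analysis; the list of keys and the command-line patterns it flags (rundll32 with a javascript: payload, mshta with inline script, encoded or obfuscated PowerShell, non-ASCII or control characters in a value name) are assumptions chosen to match the behaviour described above, not signatures for a specific sample.

```powershell
# Added example (not from the original article): hunt for Poweliks-style
# autostart entries that hide behind unprintable value names or launch a
# script engine instead of a file on disk. Read-only; nothing is modified.

# Assumed set of autostart keys to inspect (per-user and machine-wide).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Returns the list of reasons an entry looks suspicious (empty if none).
# The patterns are heuristics assumed for this example.
function Test-SuspiciousRunEntry {
    param([string]$Name, [string]$Value)
    $reasons = @()
    if ($Name -match '[^\x20-\x7E]') {
        $reasons += 'non-ASCII or control character in value name'
    }
    if ($Value -match '(?i)rundll32(\.exe)?.*javascript:') {
        $reasons += 'rundll32 launching a javascript: payload'
    }
    if ($Value -match '(?i)mshta(\.exe)?\s+(javascript|vbscript):') {
        $reasons += 'mshta with inline script'
    }
    if ($Value -match '(?i)powershell(\.exe)?.*(-enc\b|-encodedcommand|iex\b|invoke-expression|frombase64string)') {
        $reasons += 'encoded or obfuscated PowerShell command'
    }
    return ,$reasons
}

# Render a value name so that characters Regedit shows as blank become visible.
function Format-VisibleName {
    param([string]$Name)
    $parts = foreach ($ch in $Name.ToCharArray()) {
        $code = [int]$ch
        if ($code -lt 0x20 -or $code -gt 0x7E) { '\u{0:X4}' -f $code } else { [string]$ch }
    }
    return ($parts -join '')
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key          # Microsoft.Win32.RegistryKey
    foreach ($name in $item.GetValueNames()) {
        # Do not expand %VARS% so we see exactly what the attacker wrote.
        $value   = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $reasons = @(Test-SuspiciousRunEntry -Name $name -Value $value)
        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{
                Key     = $key
                Name    = Format-VisibleName -Name $name
                Value   = $value
                Reasons = ($reasons -join '; ')
            }
        }
    }
}
```

Run it in a normal (non-elevated) PowerShell session; reading these keys needs no special rights. A hit on the name check alone is worth a look even when the value looks harmless, since a value name you cannot type or see is rarely legitimate. The script only reports; if you find an entry, export the key before deleting anything so the value data (the script that fetches and loads the DLL) is preserved for analysis.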
Have a great (malware-free) day!