{"id":7917,"date":"2014-08-06T20:11:03","date_gmt":"2014-08-07T00:11:03","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=7917"},"modified":"2014-08-06T20:14:50","modified_gmt":"2014-08-07T00:14:50","slug":"poweliks-the-file-less-little-malware-that-could","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/poweliks-the-file-less-little-malware-that-could\/","title":{"rendered":"Poweliks: The file-less little malware that could"},"content":{"rendered":"

The following article is from our friends at Emsisoft. We want you to read this because this could be the future of malware — a new kind of malware that isn’t a file or a program yet can wreak havoc on your computer.\u00a0<\/span><\/p>\n

\n

Poweliks: The file-less little malware that could<\/h2>\n

\"5050540_s\"<\/a>When you think about malware, you probably imagine a nasty little file that\u2019s been installed on your computer. When you think about anti-malware, you probably imagine some sort of program that can remove that nasty file, and help you go about your day, malware-free.\u00a0Malware doesn\u2019t always need files though<\/strong>. And anti-malware can\u2019t always do its job through file detection alone.<\/p>\n

New research has uncovered a malware called Poweliks that can infect your computer without creating any files on your hard drive.<\/p>\n

Instead, Poweliks creates a blank\u00a0registry<\/a>\u00a0entry that automatically runs when you boot up your computer. This registry entry will check if your computer has Windows PowerShell installed, and initiate a download of the scripting program if it doesn\u2019t. Once the presence of PowerShell is confirmed, Poweliks will then run a script that injects a malicious\u00a0DLL<\/a>\u00a0into system memory. This DLL then connects your computer to a command and control server, which can be used to collect personal information or to load more malware onto an infected PC.<\/p>\n

Poweliks is particularly evasive for two reasons: it does not create files on the hard drive and, according to reports, it creates a blank registry entry using a non-ASCII character. Both of these measures ensure that manual detection by user or even malware researcher are difficult. Poweliks\u2019 file-less nature also means that antivirus products that rely on file-based detection alone will not find it.<\/p>\n

For the full story on Poweliks, see\u00a0PC World Magazine<\/a>. For technical analysis, see\u00a0Malware Don\u2019t Need Coffee.<\/a><\/p>\n

Have a great (malware-free) day!<\/p>\n

See more at: http:\/\/blog.emsisoft.com\/2014\/08\/06\/poweliks-the-file-less-little-malware-that-could\/#sthash.l3GMEcte.dpuf<\/a><\/strong><\/span><\/span><\/p><\/blockquote>\n

Emsisoft Anti-Malware is available from Cloudeight for $10 off the regular retail price…learn more here.<\/span><\/a><\/strong><\/span><\/em><\/span><\/h3>\n","protected":false},"excerpt":{"rendered":"

The following article is from our friends at Emsisoft. We want you to read this because this could be the future of malware — a new kind of malware that isn’t a file or a program yet can wreak havoc on your computer.\u00a0 Poweliks: The file-less little malware that could When you think about malware, you probably imagine\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1655,1669,1656,1654],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7917"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=7917"}],"version-history":[{"count":3,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7917\/revisions"}],"predecessor-version":[{"id":7920,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7917\/revisions\/7920"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=7917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=7917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=7917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}