June 9th 2015 By Danielle Walker
Poweliks is known to hide in the registry of Windows computers, and may ultimately spread other malware as well as carry out click-fraud for scammers.
Poweliks, malware known to hide inside the registry of infected Windows computers, continues to be used to carry out click-fraud by scammers and has now been linked to recent CryptoWall infections.
On Tuesday, Symantec researchers published a white paper (PDF) detailing the evolution of the threat, noting that the malware uses “novel techniques” to compromise computers, including using a special naming scheme to hide in the registry and then leveraging CLSID (Class Identifier) hijacking to maintain persistence on systems. Poweliks has also used a now-patched remote privilege escalation vulnerability in Windows (CVE-2015-0016) to gain a foothold on targeted systems and ensnare more computers into a click-fraud botnet.