Although different, the malware uses a regular distribution method

Nov 4, 2014 01:39 GMT  ·  By

The number of reports involving the Poweliks Trojan has been growing lately as the cybercriminals behind the threat turn to different distribution methods, spam being the most prevalent at the moment.

Poweliks is not a regular piece of malware: it resides in the system's memory and stores absolutely no file on the disk, which makes it harder to detect.

After compromising the computer, the malware creates registry entries containing commands that check for the presence of PowerShell or the .NET Framework and then execute the payload.
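Because the payload lives in registry entries rather than in a file, the autorun values themselves are the artefact a defender can examine. The script below is an added example, not code from the article, Symantec or G Data: it triages Run-key values that have already been exported as (value name, value data) pairs and flags entries that launch a script host at logon, probe for the .NET Framework or PowerShell before running, carry an encoded or hidden-window PowerShell command, or reference no script file on disk at all. The indicators and the sample values are general heuristics constructed for illustration, not Poweliks-specific indicators of compromise.

```python
"""Heuristic triage of Windows autorun (Run key) values for registry-resident,
fileless persistence.

Added example, not code from the article or the vendors it cites. It assumes
the autorun values were already exported as (value name, value data) pairs,
for instance with reg.exe or Get-ItemProperty; the indicators below are
general heuristics chosen for illustration, not Poweliks-specific IoCs.
"""
import re
from typing import Iterable, List, NamedTuple, Tuple

# Interpreters that will run whatever is handed to them on the command line,
# so an autorun entry can execute code without any script file on disk.
SCRIPT_HOSTS = {"powershell.exe", "powershell", "cmd.exe", "cmd",
                "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

# A script or library on disk: if one is referenced, the entry at least has
# a file an analyst can collect and hash.
SCRIPT_FILE = re.compile(r"\.(ps1|vbs|js|hta|bat|cmd|dll)\b", re.I)

# (reason, pattern) pairs applied to the raw value data.
INDICATORS = [
    ("encoded PowerShell command",
     re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}")),
    ("hidden window requested",
     re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden")),
    ("probes for the .NET Framework or PowerShell before running",
     re.compile(r"(?i)if\s+exist\s+\S*(?:Microsoft\.NET\\Framework|powershell)")),
]


class Finding(NamedTuple):
    value_name: str
    severity: str            # "info", "suspicious" or "high"
    reasons: Tuple[str, ...]


def basename(token: str) -> str:
    """Lower-case file name of a command-line token (path separators stripped)."""
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(value_name: str, data: str) -> Finding:
    """Score one autorun value; every reason is a human-readable observation."""
    reasons: List[str] = []
    tokens = data.replace('"', " ").split()
    hosts = sorted({basename(t) for t in tokens} & SCRIPT_HOSTS)
    if hosts:
        reasons.append("launches script host(s) at logon: " + ", ".join(hosts))
        if not SCRIPT_FILE.search(data):
            reasons.append("no script file on disk is referenced; payload is "
                           "inline or stored elsewhere (e.g. another registry value)")
    for reason, pattern in INDICATORS:
        if pattern.search(data):
            reasons.append(reason)
    if not reasons:
        severity = "info"
    elif len(reasons) >= 3:
        severity = "high"
    else:
        severity = "suspicious"
    return Finding(value_name, severity, tuple(reasons))


def triage_all(values: Iterable[Tuple[str, str]]) -> List[Finding]:
    return [triage(name, data) for name, data in values]


# Constructed for this example; these are not real registry contents.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("MapDrives", r'wscript.exe "C:\Scripts\mapdrives.vbs"'),
    ("WinUpdt", r'cmd.exe /c if exist "%SystemRoot%\Microsoft.NET\Framework" '
                r'powershell -nop -w hidden -e QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo='),
]

if __name__ == "__main__":
    for finding in triage_all(SAMPLE_RUN_VALUES):
        print(f"[{finding.severity:>10}] {finding.value_name}")
        for reason in finding.reasons:
            print(f"             - {reason}")
```

Run against the constructed values, the OneDrive entry comes back as "info", the VBScript entry as "suspicious" (a script host, but with a collectable file), and the third entry as "high": it chains a script host, a .NET Framework check, a hidden window and an encoded command while naming no file at all, which is exactly the shape of entry worth pulling the full registry value for.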

Security researchers at Symantec have observed that the Trojan has lately been delivered through spam emails purporting to come from the Canadian Post or the US Postal Service. The lure consists of details about a missed package delivery.

Poweliks is not a new form of malware; it was documented by researchers at German security vendor G Data at the end of July.

Furthermore, the Trojan was spotted being delivered by the Angler Exploit Kit by French vulnerability researcher Kafeine, who has seen the payload reaching unsuspecting users since September.

However, unlike the sample discovered by G Data, the one found by Kafeine did not achieve persistence and would be eliminated at the next computer restart, because no registry entries were created to allow the malware to start with the operating system.