Security researchers have found that cybercriminals have targeted almost 200,000 computers using a dangerous ‘file-less’ version of the Poweliks malware over the past six months. More than 99.5 percent of these infections have been found in the U.S. The researchers attributed the success of Poweliks to upgrades designed to improve its resilience against removal tools. As a file-less threat, Poweliks does not exist as a file on disk but instead resides solely in the registry. This means that it cannot be deleted from the compromised computer in the traditional sense. The threat also uses several other novel techniques to compromise infected computers. Poweliks uses a special naming scheme to hide in the registry and has consistently used CLSID (class ID) hijacking as runtime load points in the registry.
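A defender can triage registry-resident load points of this kind from an exported hive. The sketch below is an added example, not code from CERT-MU or the researchers. It assumes the hijack takes the form of a per-user CLSID key shadowing a machine-wide class, and it treats non-printable value names as a stand-in for the "special naming scheme", which the advisory does not detail. All GUIDs, paths and names in the sample are constructed placeholders.

```python
import re

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\'
                    r'(\{[0-9A-F-]{36}\})\\(InprocServer32|LocalServer32)\]$', re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample in `reg export` text form; GUIDs, paths and names are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-0000000000A1}\InprocServer32]
@="C:\\Windows\\System32\\placeholder.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-0000000000A1}\LocalServer32]
@="placeholder-command"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-0000000000B2}\InprocServer32]
@="C:\\Program Files\\Vendor\\peruser.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-0000000000C3}\LocalServer32]
"<CTRL>a"="placeholder-data"
'''.replace("<CTRL>", "\x01")  # put a control character into one value name

def parse_com_servers(export_text):
    """Return [(hive, clsid, subkey, {value_name: raw_data})] for COM server keys."""
    keys, current = [], None
    # split("\n") rather than splitlines() so odd control characters stay in place
    for line in export_text.replace("\r", "").split("\n"):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (m[1].upper(), m[2].upper(), m[3], {}) if m else None
            keys += [current] if current else []
        elif current and (v := VALUE_RE.match(line)):
            name = v[1] if v[1] == "@" else v[1][1:-1]  # "@" is the default value
            current[3][name] = v[2]
    return keys

def find_suspect_load_points(export_text):
    """Flag per-user COM server keys worth an analyst's attention."""
    keys = parse_com_servers(export_text)
    machine = {clsid for hive, clsid, _, _ in keys if hive == "HKEY_LOCAL_MACHINE"}
    findings = []
    for _, clsid, subkey, values in (k for k in keys if k[0] == "HKEY_CURRENT_USER"):
        reasons = []
        if clsid in machine:  # non-elevated COM lookups resolve HKCU ahead of HKLM
            reasons.append("shadows machine-wide class")
        if any(not name.isprintable() for name in values):
            reasons.append("non-printable value name")
        if reasons:
            findings.append((clsid, subkey, reasons))
    return findings
```

`reg export` writes UTF-16 text, so decode the file before passing it in. Per-user COM registrations are also used by legitimate software, so each finding is a lead for review, not a verdict.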
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street