
Does Premium version stop Poweliks attack?


A new attack has arisen and I wondered if your Premium version of Malwarebytes software stops the attack?





...security researchers have uncovered a new and sophisticated piece of malware that infects systems and steals data without installing any file onto the targeted system.
Researchers dubbed this persistent malware Poweliks. It resides only in the computer's registry and is therefore not as easily detectable as typical malware, which installs files on the affected system that can be scanned by antivirus or anti-malware software.
According to Paul Rascagneres, Senior Threat Researcher and malware analyst at GData software, because the malware executes its code in successive steps, its feature set resembles the stacking principle of a Matryoshka doll.
Paul has made a name for himself ripping apart malware and bots to uncover and undermine cyber crimes. He won last year's Pwnie Award at Black Hat Las Vegas for tearing through the infrastructure of the Chinese hacker group APT1.
In order to infect a system, the malware spreads via email through a malicious Microsoft Word document; after that it creates an encoded autostart registry key, and to remain undetectable it keeps the registry key hidden, Rascagneres says.
The malware then creates and executes shellcode, along with a Windows binary payload that tries to connect to 'hard-coded IP addresses' in an effort to receive further commands from the attacker.


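The quoted write-up says Poweliks persists as an encoded autostart registry value that is kept hidden. The script below is an added example (not code from this thread, from Malwarebytes or from G Data) of how a responder could triage a `reg export` of the usual autostart keys for that pattern: value names containing non-printable characters (one way such a value can be made hard to display in standard tools), values whose data launches script or an encoded command instead of a program path, and binary or base64-looking blobs stored in a Run key. The autostart key list, the launcher strings, the blob threshold and the sample export are this example's own assumptions, not details given in the post.

```python
"""Heuristic scan of a Windows .reg export for registry-resident autostart
persistence: an encoded autostart value whose name is kept hidden.
Added example; the rules and the sample export below are constructed
assumptions, not analysis from the forum thread."""
import re

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
# Assumed autostart locations worth checking (HKLM and HKCU hives alike).
AUTOSTART_RE = re.compile(
    r'\\CurrentVersion\\(?:Run|RunOnce|RunServices|Policies\\Explorer\\Run)$'
    r'|\\Winlogon$', re.I)
# Assumed launchers that run script or encoded commands straight from a value.
LAUNCHER_RE = re.compile(
    r'rundll32.*?(?:javascript|vbscript):|mshta(?:\.exe)?\s'
    r'|powershell.*?\s-(?:e|ec|enc|encodedcommand)\b|regsvr32.*?/i:', re.I)
BLOB_RE = re.compile(r'[A-Za-z0-9+/=]{100,}')   # long base64-looking run


def _unquote(s):
    """Strip .reg quotes and undo its \\\\ and \\" escapes."""
    if s.startswith('"') and s.endswith('"'):
        s = s[1:-1]
    return re.sub(r'\\(.)', r'\1', s)


def _decode_data(data):
    """Return (registry type, text form of the data)."""
    if data.startswith('"'):
        return 'REG_SZ', _unquote(data)
    if data.startswith('dword:'):
        return 'REG_DWORD', data[6:]
    m = re.match(r'hex(?:\((?P<t>[0-9a-f]+)\))?:(?P<body>.*)$', data, re.I)
    if not m:
        return 'UNKNOWN', data
    raw = bytes.fromhex(m.group('body').replace(',', ''))
    if m.group('t') in ('2', '7'):           # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
        typ = 'REG_EXPAND_SZ' if m.group('t') == '2' else 'REG_MULTI_SZ'
        return typ, raw.decode('utf-16-le', 'replace').rstrip('\0')
    return 'REG_BINARY', raw.hex()


def parse_reg(text):
    """Yield (key, value name, type, text data) for every value in the export."""
    lines = iter(text.splitlines())
    key = None
    for line in lines:
        line = line.rstrip()
        while line.endswith('\\'):          # hex data continued on the next line
            line = line[:-1] + next(lines, '').strip()
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        vm = VALUE_RE.match(line)
        if key and vm:
            name = '@' if vm.group('name') == '@' else _unquote(vm.group('name'))
            typ, data = _decode_data(vm.group('data'))
            yield key, name, typ, data


def scan(text):
    """Return the autostart values that look like registry-resident persistence."""
    findings = []
    for key, name, typ, data in parse_reg(text):
        if not AUTOSTART_RE.search(key):
            continue                         # only autostart keys are in scope
        reasons = []
        if name != '@' and (not name or not name.isprintable()):
            reasons.append('unprintable or empty value name')
        if LAUNCHER_RE.search(data):
            reasons.append('script/encoded-command launcher')
        if typ == 'REG_BINARY' or BLOB_RE.search(data):
            reasons.append('encoded blob instead of a program path')
        if reasons:
            findings.append({'key': key, 'name': name, 'type': typ, 'reasons': reasons})
    return findings


# Constructed sample export (not a real capture). The second Run value has a
# control character as its name and data that runs script code via rundll32;
# the third stores raw bytes in the Run key; the last key is out of scope.
SAMPLE_REG = "\n".join([
    'Windows Registry Editor Version 5.00',
    '',
    r'[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]',
    r'"OneDrive"="\"C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"',
    '"\x01"="rundll32.exe javascript:\\"\\\\..\\\\mshtml,RunHTMLApplication \\";eval(\\"'
    + 'QUJDRA' * 20 + '\\")"',
    '"blob"=hex:4d,5a,90,00,03,00,00,00,04,00,00,00,ff,ff,00,00,b8,00,00,00,\\',
    '  00,00,00,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,80,00,00,00',
    '',
    r'[HKEY_CURRENT_USER\Software\Example]',
    '"Data"=hex:' + ','.join(['41'] * 60),
])

if __name__ == '__main__':
    for f in scan(SAMPLE_REG):
        print(f"{f['key']}  name={f['name']!r} ({f['type']}): {', '.join(f['reasons'])}")
```

To use it on a real machine, export the keys first (for example `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` for each hive and key you care about) and pass the file contents to `scan()`. The base64 threshold and launcher list are starting points; legitimate entries in non-Latin scripts are not flagged because `str.isprintable()` accepts them, but long product keys or licence strings in a Run value would be, so review findings rather than acting on them blindly.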



The Poweliks installer (creates the registry keys):





Office documents using CVE-2012-0158: File type is not targeted by MBAM








How does one remove the Poweliks malware?

Malware diagnosis and disinfection are conducted in a dedicated, specialized area of the forum.
If you think you might be infected, I suggest that you follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.



This topic is now closed to further replies.