goldlaha.blogg.se

Symantec trojan poweliks removal tool




Experts report that the number of computers infected with the Poweliks Trojan has been growing recently. The primary distribution technique at the moment is spam, but the cyber criminals are using other methods as well.

The Poweliks Trojan is quite difficult to detect because it is not stored on the compromised machine as a file. Instead, this piece of malware is located in a registry subkey in the system's memory.

Once executed, Poweliks creates registry entries with commands that check if the affected computer has PowerShell or. In case it doesn't, the Trojan downloads the installers directly from the Web. Then, Poweliks decrypts a PowerShell script from its JavaScript, which is encrypted. The PowerShell script is needed to execute a binary program that establishes a connection with the following remote locations:

This allows the attackers to send commands to the compromised machine. After it connects the victimized PC to the C&C server, the Trojan will delete the binary.

Poweliks Trojan Delivered via Spam Emails

Researchers with Symantec report that the latest infections are mostly distributed via spam emails that claim to be sent by the Postal Service in the US or Canada.
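Because the article describes malware that lives in registry values rather than in a file, file-based scanning alone will miss it. The following triage sketch is an added example, not code from the original article or from Symantec: it walks a text-form registry export and flags values whose data names a script engine (JavaScript or PowerShell). The sample keys, value names and the marker patterns are constructed assumptions, not Poweliks indicators.

```python
import re

# Constructed sample in "reg export" text form; keys and values are invented
# for illustration and are not Poweliks indicators.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\ExampleVendor\Updater]
"Path"="C:\\Program Files\\ExampleVendor\\updater.exe"

[HKEY_CURRENT_USER\Software\ExampleKey\Loader]
"Stage1"="javascript:/* constructed placeholder, no payload */"
"Stage2"="PowerShell.exe (constructed placeholder)"
@="notepad.exe"
'''

# Heuristic markers (assumptions): script engines named inside registry data.
MARKERS = {
    "javascript": re.compile(r"\b(javascript|jscript)\b", re.I),
    "powershell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
}
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "Name"=data or @=data

def scan_export(text):
    """Return (key, value_name, reasons) for each value holding script content."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember the key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue                  # blank line, header, or continuation line
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        reasons = [label for label, rx in MARKERS.items() if rx.search(data)]
        if reasons:
            findings.append((key, name, reasons))
    return findings

if __name__ == "__main__":
    for key, name, reasons in scan_export(SAMPLE_EXPORT):
        print(f"{key} :: {name} -> {', '.join(reasons)}")
```

Real exports are typically UTF-16 and must be decoded before being passed to `scan_export`; multi-line `hex:` values are skipped by this sketch, and any hit is a lead for manual review rather than a verdict.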





