
Symantec - Poweliks Trojan is now linked to Ransomware Infections

Symantec, a security firm, recently published a white paper saying that Poweliks, malware known for hiding inside the registry of infected Windows computers and continuously used by scammers to conduct click fraud, has now been linked to recent ransomware infections.

Describing the threat's evolution, Symantec researchers observed that the malware uses "novel techniques" to compromise computers, including a special naming scheme to hide in the registry and CLSID (Class Identifier) hijacking to maintain persistence on systems.
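One way a defender can check for the CLSID hijacking described above, as an added example that is not from Symantec or the original article: it compares `reg export` text of the per-user and machine-wide `Classes\CLSID` branches and reports per-user COM server registrations that shadow a machine-wide one, since Windows resolves per-user class registrations first. The sample exports, CLSIDs and paths are constructed for illustration.

```python
import re

# Constructed sample input in `reg export` text format (not from the article).
# Real exports are UTF-16 files; decode them to str before calling these functions.
HKLM_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\LocalServer32]
@="C:\\Program Files\\Vendor\\app.exe"
'''
HKCU_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\x.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{99999999-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Vendor\\addin.dll"
'''

KEY_RE = re.compile(
    r'^\[.*\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(InprocServer32|LocalServer32)\]$', re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def parse_servers(export_text):
    """Map (CLSID, server key) -> default value (the COM server path or command)."""
    servers, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
        elif line.startswith('['):
            current = None  # some other key: ignore its values
        elif current and (val := DEFAULT_RE.match(line)):
            servers[current] = val.group(1).replace('\\\\', '\\')
    return servers

def find_shadowed(hkcu_text, hklm_text):
    """Per-user registrations that override a machine-wide CLSID with a different server."""
    hkcu, hklm = parse_servers(hkcu_text), parse_servers(hklm_text)
    return sorted(
        (clsid, kind, hklm[(clsid, kind)], path)
        for (clsid, kind), path in hkcu.items()
        if (clsid, kind) in hklm and hklm[(clsid, kind)].lower() != path.lower()
    )

if __name__ == '__main__':
    for clsid, kind, machine, user in find_shadowed(HKCU_EXPORT, HKLM_EXPORT):
        print(f'{clsid} {kind}: HKLM={machine} overridden by HKCU={user}')
```

A hit is a lead to review rather than proof of compromise, because some legitimate software also registers per-user COM servers.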

Tracking its growth, Symantec found that, in trying to gain control of the infected system, Poweliks also depended on a then-zero-day flaw in Windows (CVE-2015-0016), which Microsoft patched in January.

Trojan.Bedep also used this zero-day exploit to take control of compromised machines, at almost the same time that Poweliks was abusing the vulnerability, which leads us to conclude that there might be an association between Bedep and Poweliks.

Bedep is a downloader, and Poweliks is one of the threats it frequently downloads onto compromised computers.

Symantec previously revealed that Poweliks is an infostealer. It also explains that the threat is used to conduct ad fraud by loading web pages in the background and clicking on the advertisements, which shows that the criminals signed up for a cost-per-click advertising model to collect money.

Poweliks can request around 3,000 advertisements per day on a computer, with a bid amount of $0.000503. The total income earned this way was calculated at $1.51 / 1.34 Euros per day. Because it requests many ads without regard to their origin, it might eventually download malicious advertisements onto the compromised computer. This might lead to the installation of other malware, and we (says Symantec) have observed that Trojan.Cryptowall ransomware or one of its versions was installed on machines which were already hijacked by Poweliks.

Symantec.com published a report on 9th June, 2015 quoting Symantec as saying, "While a victim may be initially unconscious that Poweliks was displaying ads on their PC, they could ultimately end up locked out of their PC while being encouraged to shell out a ransom."

» SPAMfighter News - 6/19/2015
