Comment: New Trojan that uses Windows registry to hide.
By Eduard Kovacs on August 04, 2014
Researchers at Trend Micro have analyzed a new Trojan that uses the Windows registry to hide all its malicious code, the security company reported on Friday.
The threat, detected by Trend Micro as TROJ_POWELIKS.A or "Poweliks", is designed to provide attackers with system information which they can use for other operations, but is also capable of downloading additional pieces of malware onto infected computers.
Once it infects a system, Poweliks checks if the Windows PowerShell tool is present. If it's not, the program is downloaded by the malware and installed. PowerShell is used to run an encoded script file containing the Trojan's executable code. Because the code is not executed by Windows or any other application directly, it helps the threat avoid detection, the security company explained.
SecurityWeek / Full article here: http://www.securityweek.com/poweliks-malware-uses-windows-registry-avoid-detection
This pattern of malware and trojans attacking the registry has been around; the names change, but businesses need to change as well by allocating resources to security.