Commnet: New Trojan that uses Windows registry to hide.
=================================================================================================
By Eduard Kovacs on August 04, 2014
Researchers at Trend Micro have analyzed a new Trojan that uses the Windows registry to hide all its malicious code, the security company reported on Friday.
The threat, detected by Trend Micro as TROJ_POWELIKS.A or "Poweliks", is designed to provide attackers with system information which they can use for other operations, but is also capable of downloading additional pieces of malware onto infected computers.
Once it infects a system, Poweliks checks if the Windows PowerShell tool is present. If it's not, the program is downloaded by the malware and installed. PowerShell is used to run an encoded script file containing the Trojan's executable code. Because the code is not executed by Windows or any other application directly, it helps the threat avoid detection, the security company explained.
SecurityWeek/ Full Article Here/ http://www.securityweek.com/poweliks-malware-uses-windows-registry-avoid-detection
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.