
Poweliks

Posted: November 4, 2014

Threat Metric

Ranking: 17,088
Threat Level: 8/10
Infected PCs: 176
First Seen: September 17, 2014
Last Seen: September 25, 2023
OS(es) Affected: Windows

Poweliks is a family of backdoor Trojans that has seen extensive use both in non-targeted attacks against the public and in targeted attacks against specific corporate and government entities. Along with its standard backdoor functionality, which grants third parties a high degree of access to an infected PC, Poweliks is notable for its stealthy installation structure, which makes visual identification of its components particularly difficult. As is usually the case, malware researchers continue to recommend anti-malware protection to identify or remove Poweliks and similar Trojans from any computer.

Poweliks: a Case in Backdoor Campaigns with Indiscriminate Targets

Poweliks Trojans have been deployed in a variety of circumstances, with their distribution often involving compromised (or outright malicious) websites hosting hostile scripts. Other attempts to install Poweliks have used e-mail messages with file attachments that exploit vulnerabilities in Adobe or Microsoft products. The latter especially is a hallmark of Axiom and other 'professional' hostile organizations that target corporations, non-profit organizations and even various governments. However, even casual PC users are at risk of Poweliks infections as of 2014.

Many versions of Poweliks use a combination of Registry entries and abuse of legitimate software, such as PowerShell, to avoid detection. Since Poweliks may leave no malicious files visible on the victim's hard drive, both casual detection attempts and scans by outdated security software can easily fail.
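As an added illustration (not code from the original post), the following triage script scans a `reg export` of the per-user Run key for PowerShell autoruns whose payload is carried in the Registry value itself rather than in a file on disk, the pattern the paragraph above describes. The sample export, the script-host list and the flag patterns are constructed assumptions, not indicators from the page.

```python
import re

# Script hosts whose autorun entries deserve scrutiny (list is an assumption, not from the page).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# PowerShell switches that put the payload on the command line instead of in a file on disk.
INLINE_FLAGS = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand|c|command)\b")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="data" lines

# Constructed sample of a `reg export` of the per-user Run key (not real data): a normal
# application, a legitimate script run from a file, and a loader whose payload is inline.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Backup"="powershell.exe -ExecutionPolicy Bypass -File C:\\Tools\\backup.ps1"
"Updater"="powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand QQBBAEEAQQA="
'''

def parse_run_values(reg_text):
    """Return {(key, value name): command} for every string value in a .reg export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())  # undo .reg escaping
            entries[(key, name)] = data
    return entries

def split_command(command):
    """Split an autorun command into (executable basename, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):  # quoted path, possibly containing spaces
        end = command.find('"', 1)
        head, rest = command[1:end], command[end + 1:]
    else:
        head, _, rest = command.partition(" ")
    return head.rsplit("\\", 1)[-1].lower(), rest.strip()

def classify(command):
    """Reasons an autorun command looks like a Registry-resident PowerShell loader; [] if none."""
    exe, args = split_command(command)
    if exe not in SCRIPT_HOSTS:
        return []
    reasons = []
    if INLINE_FLAGS.search(args):
        reasons.append("payload passed inline via -Command/-EncodedCommand")
    if not re.search(r"[A-Za-z]:\\", args):
        reasons.append("no file path in the arguments: the payload lives only in the Registry")
    return [f"autorun starts script host {exe}"] + reasons if reasons else []
```

On a live host, feed the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent) to `parse_run_values` and run `classify` over each command; a legitimate `-File` script with a real path is left alone, while an inline or encoded payload is reported.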

With a successful installation, Poweliks may be used to download more threats besides itself. Poweliks also may change your system settings, disable security features, upload files taken from your computer or monitor your PC's activities for information (such as passwords) worth stealing.

Having the Power to Eject a Poweliks Trojan

When the third parties commanding Poweliks Trojans are less than cautious about hiding their attacks, Poweliks may spawn processes with excessive memory use, cause poor system performance or create other symptoms that alert its victims. Although these cases may make using other applications difficult, Task Manager (or a similar memory-management tool) can give you an immediate view of the processes most likely to correspond to Poweliks's activity. However, when used by third parties intent on concealing the evidence of an infection, Poweliks may show no symptoms at all. Updating and then running your anti-malware applications offers the most dependable means of deleting Poweliks, or of determining whether Poweliks is on your PC in the first place.

Hoaxes known for Poweliks distribution include e-mail messages referencing postal service receipts or invoices. These tactics are easily identifiable by their requests for the victim to launch a file attachment, which is a blatant security risk that malware experts recommend avoiding in all circumstances. Understanding the difference between legitimate documentation and fraudulent attachments abused by third parties will protect your PC from Poweliks as much as proper anti-malware protection can.

Technical Details

File System Modifications


The following files were created in the system:

File name   Size                      MD5                               Detection count   Last updated
file.exe    376.83 KB (376832 bytes)  7fdc8ff1a7ccaffa8106ef8d1ce38ecf  90                November 5, 2014
file.exe    75.77 KB (75776 bytes)    a4ce3481d479362fb0f57b6b8a11d0a2  59                November 5, 2014
file.exe    147.96 KB (147968 bytes)  bddea208f612c06322c21def1546182b  35                November 11, 2014
file.exe    364.48 KB (364484 bytes)  7791dd18bf586c6d551230d984aeb350  30                November 5, 2014
file.exe    71.68 KB (71680 bytes)    0181850239cd26b8fb8b72afb0e95eac  12                November 10, 2020

All five entries are executable files (Mime type: unknown/exe) in the "Malware file" group.
