Poweliks continues click-fraud tactics, linked to CryptoWall infections

Not open for further replies.


Thread author
Staff Member
Jan 24, 2011

Poweliks, malware known to hide inside the registry of infected Windows computers, continues to be used to carry out click-fraud by scammers and has now been linked to recent CryptoWall infections.

On Tuesday, Symantec researchers published a white paper (PDF) detailing the evolution of the threat, noting that the malware uses “novel techniques” to compromise computers, including using a special naming scheme to hide in the registry, then leveraging CLSID (Class Identifier) hijacking to maintain persistence on systems, the white paper said. Poweliks has also used a now-patched remote privilege escalation vulnerability in Windows (CVE-2015-0016) to gain a foothold on targeted systems and ensnare more computers into a click-fraud botnet.

“Poweliks comes with a default list of keywords… that it uses to generate requests for ads. The threat pretends that the victim legitimately searched for these keywords and then contacts an ad network so it knows where to direct the victim. Poweliks sends a request to the URL returned by the ad network and then receives payment for downloading the advertisement,” the paper explained of the click-fraud scheme, which ultimately puts money in attackers' coffers.

Symantec also noted that Poweliks and Bedep malware “share a number of similarities,” such as using the Windows zero-day exploit to infect users, and Bedep even being used, in some instances, to install Poweliks. The firm said that the similarities provide “no conclusive evidence linking the authors of Poweliks and Bedep together,” only evidence that Bedep "also acts as a downloader and has a similar coding style to Poweliks."

Read more: http://www.scmagazine.com/poweliks-...archers-explain-in-whitepaper/article/419621/
