
Trojan.Poweliks

Risk Level 1: Very Low

Discovered:
August 3, 2014
Updated:
June 11, 2015 11:15:51 AM
Also Known As:
TROJ_POWELIKS.A [Trend], Trojan.Poweliks.A [F-Secure], Trojan.Win32.Powerliks.a [Kaspersky], Trojan:Win32/Powessere.A [Microsoft]
Type:
Trojan
Infection Length:
71,680 bytes
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
CVE References:
CVE-2015-0016
Trojan.Poweliks is a Trojan horse that installs as a fileless threat and performs click-fraud operations.

Trojan.Poweliks is a threat that installs itself into the Windows registry, where it hijacks many existing CLSID entries so that it is run whenever essential Windows functions are performed.

In addition, it stores its own code within registry entries, which allows it to remain persistent on a computer without storing any of its files directly on the file system.
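As an added defender's example (not part of Symantec's writeup), the following Python script scans a `reg export` dump for CLSID values that carry a long encoded blob instead of a COM server path, a heuristic for the kind of registry-resident code described above. The sample .reg text, the GUIDs, the length threshold and the base64 pattern are constructed assumptions for illustration, not Poweliks indicators.

```python
import re

# Constructed sample in "reg export" (.reg) format. The GUIDs, the filler blob
# and the paths are made up for this example; they are not Poweliks artifacts.
FAKE_BLOB = 'QUJDREVG' * 40          # 320 base64-looking characters
SAMPLE_REG = (
    'Windows Registry Editor Version 5.00\n\n'
    '[HKEY_CLASSES_ROOT\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32]\n'
    '@="C:\\\\Windows\\\\System32\\\\shell32.dll"\n'
    '"ThreadingModel"="Apartment"\n'
    '"Binary"=hex:00,01,\\\n  02,03\n\n'                  # continuation line
    '[HKEY_CLASSES_ROOT\\CLSID\\{66666666-7777-8888-9999-000000000000}\\InprocServer32]\n'
    '@="' + FAKE_BLOB + '"\n'
    '"ThreadingModel"="Both"\n\n'
    '[HKEY_CURRENT_USER\\Software\\Example]\n'
    '"Notes"="' + 'x' * 300 + '"\n'                      # long, but not a CLSID key
)

MAX_DATA_LEN = 256                                  # assumed: a server path fits easily
BLOB_RUN = re.compile(r'[A-Za-z0-9+/=]{200,}')      # assumed: long encoded run

def parse_reg_export(text):
    """Yield (key, value_name, raw_data) from .reg text, joining continuation lines."""
    joined = re.sub(r'\\\r?\n\s*', '', text)
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and '=' in line and line[0] in '"@':
            name, _, data = line.partition('=')
            yield key, '(Default)' if name == '@' else name.strip('"'), data

def find_registry_resident_code(text, max_len=MAX_DATA_LEN):
    """Flag CLSID values whose data looks like stored code rather than a COM server path."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if '\\CLSID\\{' not in key.upper():
            continue
        reasons = []
        if len(data) > max_len:
            reasons.append(f'data length {len(data)} exceeds {max_len}')
        if BLOB_RUN.search(data):
            reasons.append('long base64-like run')
        if reasons:
            hits.append({'key': key, 'value': name, 'reasons': reasons})
    return hits

if __name__ == '__main__':
    for hit in find_registry_resident_code(SAMPLE_REG):
        print(f"{hit['key']} [{hit['value']}]: {'; '.join(hit['reasons'])}")
```

Run it against a real `reg export HKCR\CLSID clsid.reg` dump taken from a suspect host; every flagged value still needs manual review, since some legitimate components also store large blobs under their CLSID keys.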


Functionality
Once installed, Trojan.Poweliks may contact its command and control (C&C) servers to download further instructions. The primary goal of Trojan.Poweliks is to perform click-fraud operations, which involve covertly downloading large numbers of online advertisements onto the compromised computer and then automatically clicking or interacting with them in order to earn fraudulent advertising revenue for the attacker.

In certain cases, secondary infections by other threats may occur because the downloaded malicious advertisements (malvertisements) lead to exploit kits. The ransomware Trojan.Cryptowall has been seen on some computers compromised by Trojan.Poweliks as a result of such malvertisements.



SYMANTEC PROTECTION SUMMARY
The following Symantec detections protect against this threat family.

Removal tool
Symantec has created a tool that can help users remove Trojan.Poweliks.

Antivirus Protection Dates

  • Initial Rapid Release version August 4, 2014 revision 001
  • Latest Rapid Release version June 14, 2015 revision 008
  • Initial Daily Certified version August 4, 2014 revision 008
  • Latest Daily Certified version June 14, 2015 revision 023
  • Initial Weekly Certified release date August 6, 2014
Writeup By: Masaki Suenaga
