Monday, August 04, 2014
Slick. My Ethical Hackers can learn from this.
"Poweliks" Malware Uses Windows Registry to Avoid Detection
Researchers at Trend Micro have analyzed a new Trojan that uses the Windows registry to hide all its malicious code, the security company reported on Friday.
The threat, detected by Trend Micro as TROJ_POWELIKS.A or "Poweliks", is designed to provide attackers with system information which they can use for other operations, but is also capable of downloading additional pieces of malware onto infected computers.
Once it infects a system, Poweliks checks if the Windows PowerShell tool is present. If it's not, the program is downloaded by the malware and installed. PowerShell is used to run an encoded script file containing the Trojan's executable code. Because the code is not executed by Windows or any other application directly, it helps the threat avoid detection, the security company explained.
Then, a blank or NULL key is added to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (startup entry) by using the ZwSetValueKey API. This entry ensures that the malware runs whenever victims turn on their computers. According to Trend Micro, the content of the malicious entry can't be seen by the user because the registry value is NULL. This also means that the entry cannot be deleted.
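A defender-side check for the two tricks described above (an unreadable blank or NUL-containing value name under the Run key, and a launcher that hands execution to PowerShell with an encoded script). This is an added example, not code from Trend Micro or the article; it runs over a constructed in-memory list of Run-key values so it works offline, whereas a real sweep would read the key with winreg on Windows.

```python
import re
from typing import List, Tuple

# Value data that hands off to PowerShell with an encoded (-enc / -EncodedCommand)
# script: the registry entry is only a launcher, the real code is in the encoded blob.
ENCODED_POWERSHELL = re.compile(
    r"powershell(?:\.exe)?\b.*?\s-e(?:nc|ncodedcommand)?\b", re.IGNORECASE)

def suspicious_reasons(name: str, data: str) -> List[str]:
    """Reasons why one Run-key value matches the hiding tricks described above."""
    reasons = []
    if name == "":
        reasons.append("blank value name (regedit cannot display or delete it)")
    if "\x00" in name:
        reasons.append("NUL character in value name")
    if ENCODED_POWERSHELL.search(data):
        reasons.append("launches PowerShell with an encoded command")
    return reasons

def scan_run_entries(entries: List[Tuple[str, str]]) -> List[Tuple[int, str, List[str]]]:
    """Return (index, name, reasons) for every entry that trips at least one rule."""
    hits = []
    for idx, (name, data) in enumerate(entries):
        reasons = suspicious_reasons(name, data)
        if reasons:
            hits.append((idx, name, reasons))
    return hits

# Constructed sample of (value name, value data) pairs, as they might be read
# from HKCU\Software\Microsoft\Windows\CurrentVersion\Run; paths and names are made up.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("Backup", r"powershell.exe -File C:\scripts\backup.ps1"),       # plain script file, not flagged
    ("", "powershell.exe -ep bypass -enc <BASE64-PLACEHOLDER>"),     # blank name + encoded script
    ("\x00Updater", r"C:\ProgramData\updater.exe"),                  # NUL-prefixed name only
]

if __name__ == "__main__":
    for idx, name, reasons in scan_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"entry {idx} name={name!r}: " + "; ".join(reasons))
```

Only the blank-named entry and the NUL-prefixed entry are reported; the ordinary PowerShell script autorun is left alone because it carries no encoded command.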
What else are they looking for?
Why Google scans your emails for child porn
A convicted sex offender has been arrested after Google flagged images of child abuse found in his GMail account to authorities, according to reports, revealing that
Google spotted that the man had illegal images of a young girl stored in his GMail account during an automated search and reported it to the US non-profit National Center for Missing and Exploited Children. A subsequent police investigation led to his arrest.
I don't suppose we'll be adding pot classes, no matter how popular.
Marijuana Business Academy To Launch Educational Seminars In Denver