Slick. My Ethical Hackers can learn from this.
"Poweliks" Malware Uses Windows Registry to Avoid Detection
Researchers at Trend Micro have analyzed a new Trojan that uses the Windows registry to hide all its malicious code, the security company reported on Friday.
The threat, detected by Trend Micro as TROJ_POWELIKS.A or "Poweliks", is designed to provide attackers with system information which they can use for other operations, but it is also capable of downloading additional pieces of malware onto infected computers.
Once it infects a system, Poweliks checks whether the Windows PowerShell tool is present. If it is not, the malware downloads and installs it. PowerShell is then used to run an encoded script file containing the Trojan's executable code. Because the code is not executed by Windows or any other application directly, this helps the threat avoid detection, the security company explained.
Then, a blank or NULL key is added to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (the startup entry) by using the ZwSetValueKey API. This entry ensures that the malware runs whenever victims turn on their computers. According to Trend Micro, the content of the malicious entry can't be seen by the user because the registry value is NULL. This also means that the entry cannot be deleted.
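A defender-side check for the persistence trick described above, added here as an example (it is not code from the article or from Trend Micro): it lists the HKCU Run entries, falling back to a constructed sample when not on Windows, and flags blank or NULL value names and data that launches PowerShell with an encoded command.

```python
import re

# (name, data) pairs as stored under the Run key. Constructed sample for offline
# use; the base64 after -enc is a placeholder, not a real payload.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -enc SQBFAFgA..."),
    ("Updater", r"powershell.exe -ep bypass -File C:\Users\me\update.ps1"),
]
POWERSHELL = re.compile(r"(?i)\bpowershell(?:\.exe)?\b")
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)
ENCODED = re.compile(r"(?i)\s-e(?:c|n|nc|nco|ncoded|ncodedcommand)?\b")

def is_suspicious(name, data):
    """Return the reasons a Run entry matches the Poweliks pattern ([] if none)."""
    reasons = []
    # A blank or NUL-containing value name cannot be seen or deleted in regedit.
    if name.strip() == "" or "\x00" in name:
        reasons.append("blank or NULL value name")
    if POWERSHELL.search(data):
        reasons.append("launches PowerShell at logon")
        if ENCODED.search(data):
            reasons.append("passes an encoded command")
    return reasons

def scan(entries):
    """Return [(name, reasons)] for every entry that raised at least one reason."""
    return [(n, r) for n, d in entries if (r := is_suspicious(n, str(d)))]

def read_hkcu_run():
    """Read the live HKCU Run key on Windows; return None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    entries, index = [], 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        while True:
            try:  # EnumValue raises OSError once the values are exhausted
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:
                break
            entries.append((name, data))  # a NUL-named value may surface as "" here
            index += 1
    return entries

if __name__ == "__main__":  # falls back to the sample off Windows (or if the key is empty)
    for name, reasons in scan(read_hkcu_run() or SAMPLE_RUN_ENTRIES):
        print(f"{name!r}: {'; '.join(reasons)}")
```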
What else are they looking for?
Why Google scans your emails for child porn
A convicted sex offender has been arrested after Google flagged images of child abuse found in his Gmail account to authorities, according to reports, which reveal that Google spotted that the man had illegal images of a young girl stored in his Gmail account during an automated search and reported it to the US non-profit National Center for Missing and Exploited Children. A subsequent police investigation led to his arrest.
I don't suppose we'll be adding pot classes, no matter how popular.
Marijuana Business Academy To Launch Educational Seminars In Denver