What is Poweliks?

The Poweliks infection is fileless and enters the system through a Windows exploit. Its first iteration arrived through a spam email using a Windows Document or Windows Template attachment, but more recent variants are arriving through advertising links on legitimate as well as compromised sites. As is well known, advertising links are not thoroughly regulated on all sites. Currently, only Windows 7 and earlier machines are vulnerable.

What makes Poweliks difficult to detect?

Because Poweliks uses a Windows exploit, it is hard to detect: its actions are viewed as legitimate by Windows itself. Further, it writes to the registry using non-standard characters, which prevents the Registry Editor and desktop antivirus software from being used for remediation. Successful removal requires a special registry editor or a special tool. Because of this, neither our desktop application nor any of our competitors' desktop solutions are presently able to remediate this threat.

What symptoms are associated with Poweliks?

  • Task Manager showing multiple (3+) DLLHost processes running
  • Performance trouble caused by high CPU utilization
  • Consistent excessive inbound LAN traffic
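The following is an added triage example, not code from the original FAQ or from any vendor tool. It turns two of the signals described above into a check a technician can run over a host snapshot: the count of DLLHost processes (using the FAQ's "3+" figure as the threshold) and registry value names containing non-standard characters that the Registry Editor cannot display. The snapshot format, the sample process list and the registry entries (including the key paths) are constructed for the example and are not indicators taken from any real sample; on a real host the same lists could be filled from tasklist / Get-Process output and a registry export.

```python
"""Triage helper for the Poweliks symptoms listed above (added example).

Two signals from the FAQ are checked over a constructed snapshot:
  1. an unusual number (3+) of DLLHost processes, and
  2. registry value names that contain non-standard (control, format or
     non-ASCII) characters, which the Registry Editor cannot show or delete.

The snapshot shape (process tuples, registry tuples) is an assumption for
this example, chosen so it runs offline.
"""
import unicodedata

# Constructed sample process snapshot: (pid, image name, cpu percent).
SAMPLE_PROCESSES = [
    (412, "svchost.exe", 1.0),
    (2100, "dllhost.exe", 31.5),
    (2132, "dllhost.exe", 28.0),
    (2160, "dllhost.exe", 35.2),
    (2188, "dllhost.exe", 2.1),
    (3004, "explorer.exe", 0.5),
]

# Constructed sample registry dump: (key path, value name). The second entry
# has a leading NUL and a zero-width character in its name. The key paths are
# arbitrary placeholders for the example, not real indicators.
SAMPLE_REGISTRY_VALUES = [
    (r"HKCU\Software\Example\Run", "OneDrive"),
    (r"HKCU\Software\Example\Run", "\x00\u200bupdater"),
    (r"HKLM\Software\Example", "InstallPath"),
]

DLLHOST_THRESHOLD = 3  # the FAQ's "multiple (3+)" figure


def non_standard_chars(name: str) -> list:
    """Return the characters in a registry value name that regedit would not
    display cleanly: Unicode control/format characters (category C*) and
    anything outside printable ASCII."""
    flagged = []
    for ch in name:
        if unicodedata.category(ch).startswith("C") or not 0x20 <= ord(ch) <= 0x7E:
            flagged.append(ch)
    return flagged


def count_dllhost(processes) -> int:
    """Number of dllhost.exe processes in the snapshot."""
    return sum(1 for _, image, _ in processes if image.lower() == "dllhost.exe")


def dllhost_cpu(processes) -> float:
    """Total CPU percent attributed to dllhost.exe processes."""
    return sum(cpu for _, image, cpu in processes if image.lower() == "dllhost.exe")


def suspicious_registry_values(values) -> list:
    """Return (key, name, flagged chars) for value names with non-standard characters."""
    hits = []
    for key, name in values:
        bad = non_standard_chars(name)
        if bad:
            hits.append((key, name, bad))
    return hits


def triage(processes, values) -> dict:
    """Combine both checks into one report."""
    n = count_dllhost(processes)
    return {
        "dllhost_count": n,
        "dllhost_cpu_percent": round(dllhost_cpu(processes), 1),
        "dllhost_symptom": n >= DLLHOST_THRESHOLD,
        "registry_hits": suspicious_registry_values(values),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_PROCESSES, SAMPLE_REGISTRY_VALUES)
    print(f"dllhost.exe processes: {report['dllhost_count']} "
          f"({report['dllhost_cpu_percent']}% CPU) -> symptom={report['dllhost_symptom']}")
    for key, name, bad in report["registry_hits"]:
        print(f"non-standard value name under {key}: {name!r} (chars {bad!r})")
```

The registry check is the part a desktop tool typically cannot do by itself, which is why the FAQ says remediation needs a special registry editor: a value whose name starts with a NUL character is still present in the hive, but the standard editor cannot select or delete it, so flagging it by character category rather than by name is what surfaces it.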

Best Practices:

The best defenses against Poweliks are properly configured firewalls, utilization of industry best practices, and a good spam filter. Please ensure Windows and all third-party applications are up to date, as well.

Additional Information: