Malware which lives and works entirely out of a computer’s system registry has been detected.
Named Poweliks, the malware cannot be easily detected by traditional methods, as it does not create or install files on the hard drive of the host Windows system. Upon infection, Poweliks exploits a vulnerability in Microsoft Word with the help of a specially crafted malicious Word file that is sent via email, IB Times reported.
Poweliks is designed to create a new registry key at every system boot-up, using a non-ASCII character to create the name. This registry key runs the genuine Windows rundll32.exe application, which is used to launch functionality stored within shared .dll files. Generally, rundll32.exe is not recognised as a threat by Windows, and is considered a valid executable file.
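A defender can hunt for the pattern described above: an autostart entry whose name contains non-ASCII or non-printable characters and whose command launches rundll32.exe. The following Python is an added example, not code from the original report; the Run key path, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumption: a common autostart location; the report does not name the key.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUNDLL32 = re.compile(r'(^|[\\/\s"])rundll32(\.exe)?(\s|"|$)', re.IGNORECASE)

def odd_chars(name):
    """Code points in a value name that are non-ASCII or non-printable."""
    return [f"U+{ord(c):04X}" for c in name if ord(c) < 32 or ord(c) > 126]

def triage(entries):
    """entries: iterable of (key_path, value_name, command) tuples."""
    findings = []
    for key, name, command in entries:
        odd = odd_chars(name)
        if not odd:
            continue  # rundll32.exe alone is normal; legitimate entries use it
        severity = "high" if RUNDLL32.search(command) else "medium"
        findings.append({"key": key, "name": name, "odd": odd,
                         "command": command, "severity": severity})
    return findings

def read_run_key(hive="HKCU"):
    """Yield live entries on Windows (hypothetical helper, standard winreg calls)."""
    import winreg  # Windows only, so imported lazily
    root = {"HKCU": winreg.HKEY_CURRENT_USER,
            "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive]
    with winreg.OpenKey(root, RUN_KEY) as k:
        for i in range(winreg.QueryInfoKey(k)[1]):
            name, data, _type = winreg.EnumValue(k, i)
            yield (hive + "\\" + RUN_KEY, name, str(data))

# Constructed sample entries, not taken from a real infection.
SAMPLE = [
    (RUN_KEY, "OneDrive", r'"C:\Program Files\OneDrive\OneDrive.exe" /background'),
    (RUN_KEY, "TouchpadHelper", r"rundll32.exe C:\Windows\System32\example.dll,Start"),
    (RUN_KEY, "\u00e4\u0001", r"rundll32.exe placeholder.dll,EntryPoint"),
    (RUN_KEY, "Caf\u00e9 Updater", r"C:\Tools\updater.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        # ascii() makes invisible or non-ASCII characters in the name visible
        print(f["severity"], ascii(f["name"]), f["odd"], f["command"])
```

The ASCII-named rundll32.exe entry is deliberately not flagged, since the executable is a valid Windows component; only the combination with an unusual name is rated high.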