Does Poweliks download/install CryptoWall

Hello BleepingComputer forums. I was doing some reading on Poweliks, and some people have said that it downloads CryptoWall onto your computer. Is this true? Should I worry, or just disconnect all internet connectivity?

They both spread in a similar manner.

Poweliks has reportedly been delivered through social engineering...by opening malicious spam emails that claim to be a missed package delivery from the Canadian Post or U.S. Postal Service (USPS) purportedly carrying tracking information and exploit kits.

Crypto malware is also typically spread through social engineering and user interaction...i.e. opening suspicious emails and opening infected Word docs with embedded macro viruses and sometimes via exploit kits. It can be disguised in email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers. Attackers will use email addresses and subjects (i.e. example) that will entice a user to read the email and open the attachment.

US-CERT advises there have been reports that some victims encounter the malware after clicking on a malicious link within an email or following a previous infection from botnets such as Zbot/Z-bot (Zeus) which downloads and executes the ransomware as a secondary payload from infected websites. Other types of crypto malware have been reported to spread on YouTube ads, via browser exploit kits and drive-by downloads when visiting compromised web sites.

As well as opening a backdoor, Poweliks is known to download other malware onto the infected machine. I've often seen Zbot, Tracur and ZeroAccess downloaded onto systems infected with Poweliks.

In addition to downloading more malicious files, Poweliks has the capability to steal system information which may be used by cybercriminals to launch other attacks.