{"id":111081,"date":"2014-09-25T16:04:32","date_gmt":"2014-09-25T23:04:32","guid":{"rendered":"https:\/\/www.faronics.com\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\/"},"modified":"2026-02-22T22:00:09","modified_gmt":"2026-02-23T06:00:09","slug":"reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","status":"publish","type":"post","link":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","title":{"rendered":"Reboot to restore: New &lsquo;fileless&rsquo; malware making the rounds"},"content":{"rendered":"<p>Traditional malware samples all operate in much the same manner, using one or more downloaded files to infect the system and avoid detection by any protection software. However, a newly discovered malware sample is taking a new approach to evading exposure through a <a href=\"http:\/\/www.tomsguide.com\/us\/undetectable-registry-malware,news-19265.html\">\u201cfileless\u201d<\/a> structure. Users can protect themselves by utilizing a <a href=\"https:\/\/www.faronics.com\/products\/anti-virus\/\" target=\"_self\" class=\"dnautolink\">layered security<\/a> approach that includes a <a href=\"https:\/\/www.faronics.com\/products\/deep-freeze\" target=\"_self\" class=\"dnautolink\">reboot to restore<\/a> solution like Faronics&rsquo; Deep Freeze.<\/p>\n<p><strong>Poweliks: Hiding in the computer registry<\/strong><br \/>\nInstead of living within files like conventional malware, this recently uncovered sample &#8211; dubbed Poweliks &#8211; consists of encrypted text that hides in the infected computer&rsquo;s registry. 
This way, it can attack the system and gain control over the machine&rsquo;s primary functions in order to download additional malware and provide capabilities for other malicious pursuits.<\/p>\n<p>Malware researcher Paul Rascagneres noted that the sample being nearly invisible to antivirus and other protection programs makes for \u201ca potentially very dangerous situation.\u201d<\/p>\n<p>\u201cAs the malware is very powerful and can download any payload, the amount of possible damage is not really measurable,\u201d Rascagneres stated.<\/p>\n<p><strong>Spread through email, drive-by attacks<\/strong><br \/>\nBesides exhibiting rare detection avoidance capabilities, Poweliks also uses a number of different strategies to spread its infection. One of the most prevalent techniques seen is an email attack via an attached, corrupted Microsoft Word file. Oftentimes, the emails appear to come from legitimate organizations such as Canada Post and USPS. The malicious attachment exploits a vulnerability in Microsoft Office 2003, 2007 and 2010. Microsoft patched the issue in April 2012, but those who have not downloaded the update leave themselves at risk of infection.<\/p>\n<p>When this attack avenue fails, the malware uses a drive-by download attack strategy to distribute itself onto unsuspecting systems through Web exploits. Experts who have analyzed Poweliks believe that the attack approaches utilized by the sample will be leveraged by other malware creators in the near future to create similar strains.<\/p>\n<p><strong>Protecting against Poweliks<\/strong><br \/>\nDue to its complex architecture, Poweliks is difficult to prevent, though not impossible.<\/p>\n<p>\u201c[A]ntivirus solutions have to either catch the file (the initial Word document) before it is executed (if there is one), preferably before it reached the customer&rsquo;s email inbox,\u201d Rascagneres noted. 
\u201cOr, as a next line of defense, they need to detect the software exploit after the file&rsquo;s execution, or as a last step, in-registry surveillance has to detect unusual behavior, block the corresponding processes and alert the user.\u201d<\/p>\n<p>In addition, <a href=\"https:\/\/www.faronics.com\/products\/deep-freeze\" target=\"_self\" class=\"dnautolink\">reboot to restore software<\/a> like Faronics&rsquo; Deep Freeze, used as part of a layered security approach, can prevent damage from malware like Poweliks.<\/p>\n<p>\u201cThe concept of &lsquo;fileless&rsquo; malware that only exists in the system&rsquo;s memory is not new, but such threats are rare because they typically <a href=\"http:\/\/www.pcworld.com\/article\/2461120\/stealthy-malware-poweliks-resides-only-in-system-registry.html\">don&rsquo;t survive across system reboots<\/a>,\u201d PCWorld contributor Lucian Constantin pointed out.<\/p>\n<p>Such protections are especially important in corporate environments, where increasingly sensitive information is at risk. 
As the Poweliks infection allows the attacker to download additional malware that could threaten the safety of mission-critical content, company decision-makers should include a reboot to restore solution as part of their overall security protocol.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics&rsquo; Deep Freeze.<\/p>\n","protected":false},"author":148,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-111081","post","type-post","status-publish","format-standard","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Reboot to restore: New &#039;fileless\u200b&#039; malware making the rounds<\/title>\n<meta name=\"description\" content=\"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics&#039; Deep Freeze.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reboot to restore: New &#039;fileless\u200b&#039; malware making the rounds\" \/>\n<meta property=\"og:description\" content=\"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot 
to restore solution like Faronics&#039; Deep Freeze.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\" \/>\n<meta property=\"og:site_name\" content=\"Faronics\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/faronics\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-25T23:04:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-23T06:00:09+00:00\" \/>\n<meta name=\"author\" content=\"Abhishek Sood\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@faronics\" \/>\n<meta name=\"twitter:site\" content=\"@faronics\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Abhishek Sood\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\"},\"author\":{\"name\":\"Abhishek Sood\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#\\\/schema\\\/person\\\/c5f6307a8c5002ae8f7f04bbc462f4f9\"},\"headline\":\"Reboot to restore: New &lsquo;fileless\u200b&rsquo; malware making the 
rounds\",\"datePublished\":\"2014-09-25T23:04:32+00:00\",\"dateModified\":\"2026-02-23T06:00:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\"},\"wordCount\":523,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#organization\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\",\"url\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\",\"name\":\"Reboot to restore: New 'fileless\u200b' malware making the rounds\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#website\"},\"datePublished\":\"2014-09-25T23:04:32+00:00\",\"dateModified\":\"2026-02-23T06:00:09+00:00\",\"description\":\"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics' Deep 
Freeze.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/news\\\/blog\\\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.faronics.com\\\/fr\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reboot to restore: New &#8216;fileless\u200b&#8217; malware making the rounds\",\"item\":\"https:\\\/\\\/www.faronics.com\\\/fr\\\/reboot-to-restore-new-fileless-malware-making-the-rounds\\\/\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#website\",\"url\":\"https:\\\/\\\/www.faronics.com\\\/fr\",\"name\":\"Faronics\",\"description\":\"Cr\u00e9ateurs de Deep Freeze et d'autres solutions de s\u00e9curit\u00e9 
multicouche\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.faronics.com\\\/fr?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#organization\",\"name\":\"Faronics\",\"url\":\"https:\\\/\\\/www.faronics.com\\\/fr\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.faronics.com\\\/assets\\\/footer-faronics-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.faronics.com\\\/assets\\\/footer-faronics-logo.png\",\"width\":155,\"height\":44,\"caption\":\"Faronics\"},\"image\":{\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/faronics\",\"https:\\\/\\\/x.com\\\/faronics\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.faronics.com\\\/fr#\\\/schema\\\/person\\\/c5f6307a8c5002ae8f7f04bbc462f4f9\",\"name\":\"Abhishek Sood\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g\",\"caption\":\"Abhishek Sood\"},\"sameAs\":[\"https:\\\/\\\/www.faronics.com\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Reboot to restore: New 'fileless\u200b' malware making the rounds","description":"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics' Deep Freeze.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","og_locale":"fr_FR","og_type":"article","og_title":"Reboot to restore: New 'fileless\u200b' malware making the rounds","og_description":"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics' Deep Freeze.","og_url":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","og_site_name":"Faronics","article_publisher":"https:\/\/www.facebook.com\/faronics","article_published_time":"2014-09-25T23:04:32+00:00","article_modified_time":"2026-02-23T06:00:09+00:00","author":"Abhishek Sood","twitter_card":"summary_large_image","twitter_creator":"@faronics","twitter_site":"@faronics","twitter_misc":{"\u00c9crit par":"Abhishek Sood","Dur\u00e9e de lecture estim\u00e9e":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#article","isPartOf":{"@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69"},"author":{"name":"Abhishek Sood","@id":"https:\/\/www.faronics.com\/fr#\/schema\/person\/c5f6307a8c5002ae8f7f04bbc462f4f9"},"headline":"Reboot to restore: New &lsquo;fileless\u200b&rsquo; malware making the 
rounds","datePublished":"2014-09-25T23:04:32+00:00","dateModified":"2026-02-23T06:00:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69"},"wordCount":523,"commentCount":0,"publisher":{"@id":"https:\/\/www.faronics.com\/fr#organization"},"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","url":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69","name":"Reboot to restore: New 'fileless\u200b' malware making the rounds","isPartOf":{"@id":"https:\/\/www.faronics.com\/fr#website"},"datePublished":"2014-09-25T23:04:32+00:00","dateModified":"2026-02-23T06:00:09+00:00","description":"Users can protect themselves from newly discovered fileless malware by utilizing a layered security approach that includes a reboot to restore solution like Faronics' Deep Freeze.","breadcrumb":{"@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.faronics.com\/fr\/news\/blog\/reboot-to-restore-new-fileless%e2%80%8b-malware-making-the-rounds-69#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.faronics.com\/fr"},{"@type":"ListItem","position":2,"name":"Reboot to restore: New &#8216;fileless\u200b&#8217; malware making the 
rounds","item":"https:\/\/www.faronics.com\/fr\/reboot-to-restore-new-fileless-malware-making-the-rounds\/"}]},{"@type":"WebSite","@id":"https:\/\/www.faronics.com\/fr#website","url":"https:\/\/www.faronics.com\/fr","name":"Faronics","description":"Cr\u00e9ateurs de Deep Freeze et d'autres solutions de s\u00e9curit\u00e9 multicouche","publisher":{"@id":"https:\/\/www.faronics.com\/fr#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.faronics.com\/fr?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.faronics.com\/fr#organization","name":"Faronics","url":"https:\/\/www.faronics.com\/fr","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.faronics.com\/fr#\/schema\/logo\/image\/","url":"https:\/\/www.faronics.com\/assets\/footer-faronics-logo.png","contentUrl":"https:\/\/www.faronics.com\/assets\/footer-faronics-logo.png","width":155,"height":44,"caption":"Faronics"},"image":{"@id":"https:\/\/www.faronics.com\/fr#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/faronics","https:\/\/x.com\/faronics"]},{"@type":"Person","@id":"https:\/\/www.faronics.com\/fr#\/schema\/person\/c5f6307a8c5002ae8f7f04bbc462f4f9","name":"Abhishek Sood","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eda417955e7e2a082e0a0bd0fa650ec745f1ee89844787584d553a3262e40526?s=96&d=mm&r=g","caption":"Abhishek 
Sood"},"sameAs":["https:\/\/www.faronics.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/posts\/111081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/users\/148"}],"replies":[{"embeddable":true,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/comments?post=111081"}],"version-history":[{"count":1,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/posts\/111081\/revisions"}],"predecessor-version":[{"id":276090,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/posts\/111081\/revisions\/276090"}],"wp:attachment":[{"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/media?parent=111081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/categories?post=111081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.faronics.com\/fr\/wp-json\/wp\/v2\/tags?post=111081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}