Security researchers at Symantec are researching its evolution and have discovered that Poweliks exploits now patched zero-day vulnerability (CVE-2015-0016) in Windows. Poweliks was first identified in 2014, but it appears that it was not fully developed at the time and could not achieve persistence on the machine, being removed at a simple restart of the computer. According to Symantec the recent version of Poweliks is used for ad-fraud purposes by the cyber criminals by launching web pages in the background and clicking on the advertisements. According to a report made by Symantec, Poweliks made about 3,000 ad requests from a single computer, each with a bid amount of $0.000503. The total revenue generated this way per day was calculated to $1.51 / €1.34. With around 200,000 zombie computers in their hands, the cyber criminals handing the Poweliks may be racking upto $20,000 / €18,000 from clicks on advertisements. According to Symantec, in half a year’s time, Poweliks compromised 198,500 computers and more than 99.5% of them were located in the US. Symantec notes that the pages loaded without the user’s knowledge sometimes hosted a web-based attack tool called Magnitude, which served an exploit for Flash Player that downloaded a variant of CryptoWall ransomware. Microsoft has since patched the Windows zero-day vulnerability.
