NEWS FROM THE LAB - Thursday, March 10, 2005

Greetings from CeBIT 2005! Posted by Mikko @ 11:59 GMT

Greetings from CeBIT 2005 in Hannover, Germany. CeBIT is by far the largest technology fair in the world.
Some statistics on CeBIT 2005:
- 6270 exhibitors from 70 countries
- 27 hangar-sized halls filled with booths
- Over 300,000 square meters of exhibition space
- Over half-a-million visitors are expected over the next 8 days

Just to jog around the exhibition area takes over an hour.

If you're in Hannover, do drop by to our booth at Hall 7, Booth D14! We're showing off cool demos and announcing new stuff.

Our 2005 booth

One of the most interesting things we're showing on our booth is F-Secure BlackLight.

F-Secure BlackLight Rootkit Elimination Technology is a new functionality we're now announcing as a technology demonstration. We will integrate this functionality into our antivirus products later this year.


Back in the days when men were men and wrote their own device drivers, there was such a thing as stealth viruses. Then came Windows 95 and stealth viruses turned extinct. Well, stealth viruses are now back in the form of Windows rootkits.

What is a rootkit? Traditionally, rootkits have been defined as software packages that modify the operating environment in a way that makes it possible for an intruder to maintain undetected and privileged access to the compromised system. Today, anything that tries to hide its presence is often refered as a rootkit. The following sites have some thoughts on the subject:

Robert Hensing's Incident Response WebLog

Sysinternals Freeware - RootkitRevealer

If you think rootkits are just niche tools for elite black hats, do check out some recent real-world viruses using rootkit techniques, like Maslan and Myfip.H.

In addition to these worms, a large number of trojans and keyloggers have file and process hiding functionality.

So we've today made public a beta tool for detecting and removing rootkits and malware with rootkit functionality. You can download it right now.

More info on rootkits here.

Signing off from Hannover,