NEWS FROM THE LAB - Friday, August 26, 2005

Myfip Exposed Posted by Mika @ 06:24 GMT

LURHQ has released their report on Myfip worms. It makes a fascinating read. Myfip is important because, unlike most worms, it is designed to steal documents from infected computers. Forbes Global has more on malware being used in intellectual property theft.

Myfip is also of particular interest because the Myfip.h variant is a kernel-mode rootkit: it removes its own process from the Windows kernel's process list. The worm does this without using a driver, which is unusual.
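A process unlinked from the kernel's process list is invisible to any enumeration that walks that list, but it still exists, so a scanner can surface it by comparing two independent views. The following is an added illustration of that cross-view check, not BlackLight's code or anything from the LURHQ report; the two enumeration views, the process table and the PID values are constructed stand-ins, and it goes one step beyond the single comparison by sampling repeatedly so that processes which start or exit between the two views are not reported as hidden.

```python
"""Cross-view detection of a process hidden from the kernel's process list.

Added illustration, not code from F-Secure, LURHQ or the Myfip write-up.
Both enumeration "views" are constructed stand-ins: one walks the process
list (which a rootkit can unlink itself from), the other does not rely on it.
"""
from typing import Callable, Dict, Iterable, List, Set, Tuple

Snapshot = Tuple[Set[int], Set[int]]  # (list-walk view, raw view)

# Constructed process table, pid -> image name. PID 1337 stands in for a
# process that has unlinked itself from the kernel's process list.
PROCESS_TABLE: Dict[int, str] = {4: "System", 640: "services.exe",
                                 1337: "hidden.exe", 2048: "explorer.exe"}
UNLINKED: Set[int] = {1337}

def list_walk_view() -> Set[int]:
    """Follows the kernel's process list; an unlinked entry is unreachable."""
    return {pid for pid in PROCESS_TABLE if pid not in UNLINKED}

def raw_view() -> Set[int]:
    """Does not depend on the list (think: probing every PID slot directly)."""
    return set(PROCESS_TABLE)

def take_snapshots(api: Callable[[], Set[int]], raw: Callable[[], Set[int]],
                   count: int = 3) -> List[Snapshot]:
    """Sample both views several times: a process that starts or exits
    between two single calls would otherwise look hidden."""
    return [(api(), raw()) for _ in range(count)]

def cross_view_hidden(snapshots: Iterable[Snapshot]) -> List[int]:
    """PIDs the raw view reports in every sample but the list walk never
    reports. Requiring consistency across samples filters transients."""
    snaps = list(snapshots)
    if not snaps:
        return []
    always_raw = set.intersection(*(raw for _, raw in snaps))
    ever_listed = set.union(*(api for api, _ in snaps))
    return sorted(always_raw - ever_listed)

def report(pids: Iterable[int]) -> List[str]:
    """Pair each flagged PID with the image name known for it."""
    return [f"{pid} {PROCESS_TABLE.get(pid, '<unknown>')}" for pid in pids]

if __name__ == "__main__":
    print(report(cross_view_hidden(take_snapshots(list_walk_view, raw_view))))
```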

On a related note: BlackLight, F-Secure's rootkit detection technology, will be included as an integrated scanning engine in the F-Secure IS2006 security suite, due to be released during autumn 2005. You can download a beta version of IS2006 and see for yourself. The integrated rootkit scanner gives the following benefits over the stand-alone version: 1) it is easier to use, 2) it is updated automatically with anti-virus updates, 3) hidden files found by BlackLight are scanned with the anti-virus engines.