NEWS FROM THE LAB - Sunday, January 21, 2007

Storm Worm starts to use Rootkit techniques
Posted by Kimmo @ 21:45 GMT

The weekend has been very busy with Storm Worm. We have lately discovered new variants that have started to use kernel-mode rootkit techniques to hide their files, registry keys, and active network connections. F-Secure BlackLight is able to detect the hidden files.

[Image: Storm Worm Rootkit]

These variants are now detected as W32/Stormy.AB and Trojan-Downloader.Win32.Agent.bet.