Viruses, worms, trojans and other stuff

Wednesday, August 31, 2005

Myfip stealth worm prowls corporate networks to steal documents

A growing wave of stealth worms and malware using rootkit functionality specifically created to steal intellectual property has put corporations on the alert. One worm in particular, Myfip.H, uses stealth kernel rootkit techniques to hide from the system administrator and conventional AV software. It is designed to infect computers and steal data. Stealth variants of common malware such as Mytob and Rbot are also a cause of growing concern for corporations.

An actively running stealth worm that uses rootkit technologies can remain undetected by ordinary AV software. This can happen if the system is already infected by a rootkit worm before the AV software is installed, or if a new worm has hidden its files and processes before the AV software update capable of detecting the worm has been installed. F-Secure has developed a new weapon to fight attacks that use rootkit technologies: the F-Secure BlackLight™ rootkit scanner. Test versions of the tool are available for free at http://www.f-secure.com/blacklight.

BlackLight™ will be included as an integrated scanning engine in F-Secure's forthcoming F-Secure Internet Security 2006 security suite, due for release this autumn. The engine is updated automatically with anti-virus updates, and hidden rootkit files found by BlackLight™ are then scanned with the anti-virus engines. BlackLight™ was first introduced as a beta version at the CeBIT fair in Hannover, Germany in March. Currently no other commercial AV solutions include rootkit scanning technology.