LURHQ has released their report on Myfip worms. It makes a fascinating read. Myfip is important because, unlike most worms, it is designed to steal documents from infected computers. Forbes Global has more on malware being used in intellectual property theft.

Myfip is also of particular interest because Myfip.h is a kernel-mode rootkit - it removes its process from the Windows kernel process list. The worm does this without using a driver, which is unusual.

On a related note: BlackLight, F-Secure's rootkit detection technology, will be included as an integrated scanning engine in the F-Secure IS2006 security suite, due to be released during autumn 2005. You can download a beta version of IS2006 and see for yourself. The integrated rootkit scanner gives the following benefits over the stand-alone version: 1) it is easier to use, 2) it is updated automatically with anti-virus updates, 3) hidden files found by BlackLight are scanned with anti-virus engines.

On 26/08/05 At 06:24 AM