CURRENT SECTION :: TechZone UK's most visited IT Contractor Site - 250k unique visitors March 2008
Net worm slithers to steal corporate IP


An internet worm that evades system administrators and infects computer systems without alerting conventional anti-virus tools is wreaking the first signs of havoc in the corporate world.

F-Secure has identified a growing wave of so-called ‘stealth worms,’ characterized by the aggressive Myfip H, which has put corporations on alert for its ability to steal intellectual property.

According to the firm, Myfip and its variants, Mytob and Rbot, use stealth kernel rootkit techniques to slither past system administrators and bypass standard AV software.

This happens either because a rootkit worm has already corrupted the system, or because the incoming worm hides its files and malicious processes before the AV software update capable of detecting it is installed.

First reported by security firms in February, Myfip specifically targeted PDF files and spread using network shares that are either unprotected or protected only by weak passwords.

F-Secure says that unlike the prolific Zotob worm, variant H of Myfip is not self-propagating because it wants to “cause as little interest as possible in order to carry out its mission.”

It enters a corporate network through spam e-mail and, upon activation by a user clicking a link in a spoof message, navigates through the local hard disk and the network searching for predefined file types.

Originally, it stole information from files with the extensions DOC, PDF, DWF, DWG, DWT, SCH, PCB, and MAX, subsequently sending all data retrieved back to the attacker. The same behaviour is expected from the latest variant.
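The harvesting pattern described above can be looked for on the file server itself, where a rootkit on the infected workstation cannot hide the reads. The following is an added example, not code from the article or from F-Secure; the audit-log format, host names, sample lines and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions the article lists as targeted by the original Myfip.
TARGET_EXTS = {".doc", ".pdf", ".dwf", ".dwg", ".dwt", ".sch", ".pcb", ".max"}

# Constructed share-audit lines (hypothetical format): "<ISO time> <client> <path>"
SAMPLE_LOG = [
    r"2005-09-05T10:00:01 ws-114 \\fs01\eng\board-rev3.pcb",
    r"2005-09-05T10:00:02 ws-114 \\fs01\eng\board-rev3.sch",
    r"2005-09-05T10:00:03 ws-114 \\fs01\eng\plant layout.dwg",
    r"2005-09-05T10:00:05 ws-114 \\fs01\legal\patent draft.doc",
    r"2005-09-05T10:00:06 ws-114 \\fs01\legal\filing.pdf",
    r"2005-09-05T10:00:07 ws-114 \\fs01\eng\notes.txt",
    r"2005-09-05T09:10:00 ws-027 \\fs01\legal\filing.pdf",
    r"2005-09-05T11:45:00 ws-027 \\fs01\legal\patent draft.doc",
]

def parse(line):
    """Split one audit line; the path may contain spaces."""
    ts, client, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), client, PureWindowsPath(path)

def harvesting_clients(lines, window=timedelta(minutes=5), min_files=5, min_exts=3):
    """Flag clients that read >= min_files distinct targeted files covering
    >= min_exts targeted extensions inside one sliding time window."""
    per_client = defaultdict(list)
    for line in lines:
        ts, client, path = parse(line)
        if path.suffix.lower() in TARGET_EXTS:
            per_client[client].append((ts, path))
    flagged = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            files = {p for _, p in events[start:end + 1]}
            exts = {p.suffix.lower() for p in files}
            if len(files) >= min_files and len(exts) >= min_exts:
                flagged[client] = len(files)  # files in the first window that tripped
                break
    return flagged

if __name__ == "__main__":
    print(harvesting_clients(SAMPLE_LOG))
```

Requiring several different targeted extensions in one window separates a sweep across document and CAD types from a user who opens a handful of files of one kind; the thresholds need tuning against normal traffic on the share.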

Mikko Hypponen, chief research officer at F-Secure, said the worm is a viral precursor of what systems administrators should expect to confront in the future.

“Myfip is a good example of the new kind of malware which is used to perform very specific tasks, usually criminally motivated. Kernel-mode rootkit worms are a clear and present threat for corporations with intellectual property rights to protect. After the rootkit is active in the memory, traditional anti-virus software has real problems detecting it.”

F-Secure recommended that concerned IT users trial its beta version of BlackLight, which fights attackers using rootkit technologies, in light of its claim that “no other commercial AV solution includes rootkit scanning technology.”





Sep 5, 2005


All content © Contractor UK Limited