Myfip Worm Analysis

Another malware analysis, by LURHQ; worth a read.  Myfip is a tool for stealing intellectual property.

One of the unanswered questions is what the thieves do with all the files this tool sends back to the FTP server.  If they were to capture everything on my work PC, they’d get a middle manager’s desktop conglomeration:  Thousands of more-or-less useless files and a few dozen documents which would probably be valuable to someone.  There are also a bunch of database files (in several formats) which could be mined, but aren’t clearly useful as they stand.  I have trouble finding stuff in this mess; how would someone who doesn’t work here make sense of it?

Not that it couldn’t be done; it’s what spies do for a living, after all.  But I’m interested in how these gals(?) approach the problem.  Might be something of value for us civilians.

Link courtesy of F-Secure’s blog.