Several Malware Analysis Reports to Learn From

Analyzing malware helps you understand the overall threat landscape. The next best thing to reverse-engineering malicious programs yourself is learning from other analysts’ reports.

Here are several excellent write-ups, authored by different researchers, which describe several types of malicious software:

  • Murofet exhibits file infection and password stealing abilities. Marco Giuliani at Prevx provided insightful analysis of this specimen.
  • Avzhan is a growing family of DDoS bots. Jeff Edwards at Arbor Networks offered a comprehensive overview of this family of malware.
  • Visal is an email worm that spreads links to malicious Windows executable files. It was thoroughly examined by SecureWorks.
  • The Hottest girls on Facebook" worm uses clickjacking and social engineering to propagate. It was researched by Krzysztof Kotowicz. George Deglin examined another example of a Facebook worm.
  • A malicious PDF file can split JavaScript across several objects. An example of this technique was documented by Tamas Rudnai at Websense.
  • Attacks often combine a malicious PDF file with a Windows executable. One such incident was analyzed by Curt Wilson.

I periodically post interesting malware analysis reports from across the web on the Reverse-Engineering Malware Course page on Facebook.

If you’d like to improve your own malware report-writing skills, take a look at my earlier note What to Include in a Malware Analysis Report, which includes a mind-map template.

Lenny Zeltser


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more