Several Malware Analysis Reports to Learn From

Analyzing malware helps you understand the overall threat landscape. The next best thing to reverse-engineering malicious programs yourself is learning from other analysts’ reports.

Here are several excellent write-ups, authored by different researchers, which describe several types of malicious software:

  • Murofet exhibits file infection and password stealing abilities. Marco Giuliani at Prevx provided insightful analysis of this specimen.
  • Avzhan is a growing family of DDoS bots. Jeff Edwards at Arbor Networks offered a comprehensive overview of this family of malware.
  • Visal is an email worm that spreads links to malicious Windows executable files. It was thoroughly examined by SecureWorks.
  • The Hottest girls on Facebook” worm uses clickjacking and social engineering to propagate. It was researched by Krzysztof Kotowicz. George Deglin examined another example of a Facebook worm.
  • A malicious PDF file can split JavaScript across several objects. An example of this technique was documented by Tamas Rudnai at Websense.
  • Attacks often combine a malicious PDF file with a Windows executable. One such incident was analyzed by Curt Wilson.

I periodically post interesting malware analysis reports from across the web on the Reverse-Engineering Malware Course page on Facebook.

If you’d like to improve your own malware report-writing skills, take a look at my earlier note What to Include in a Malware Analysis Report, which includes a mind-map template.

Lenny Zeltser


About the Author

Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. Beforehand, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. An engaging presenter, he speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more