Several Malware Analysis Reports to Learn From

Analyzing malware helps you understand the overall threat landscape. The next best thing to reverse-engineering malicious programs yourself is learning from other analysts’ reports.

Here are several excellent write-ups, authored by different researchers, which describe several types of malicious software:

  • Murofet exhibits file infection and password stealing abilities. Marco Giuliani at Prevx provided insightful analysis of this specimen.
  • Avzhan is a growing family of DDoS bots. Jeff Edwards at Arbor Networks offered a comprehensive overview of this family of malware.
  • Visal is an email worm that spreads links to malicious Windows executable files. It was thoroughly examined by SecureWorks.
  • The Hottest girls on Facebook" worm uses clickjacking and social engineering to propagate. It was researched by Krzysztof Kotowicz. George Deglin examined another example of a Facebook worm.
  • A malicious PDF file can split JavaScript across several objects. An example of this technique was documented by Tamas Rudnai at Websense.
  • Attacks often combine a malicious PDF file with a Windows executable. One such incident was analyzed by Curt Wilson.

I periodically post interesting malware analysis reports from across the web on the Reverse-Engineering Malware Course page on Facebook.

If you’d like to improve your own malware report-writing skills, take a look at my earlier note What to Include in a Malware Analysis Report, which includes a mind-map template.

Lenny Zeltser


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. My expertise, which spans cybersecurity, IT, and leadership, allows me to create practical security solutions that drive business growth.

Learn more