Analyzing malware helps you understand the overall threat landscape. The next best thing to reverse-engineering malicious programs yourself is learning from other analysts’ reports.
Here are several excellent write-ups, authored by different researchers, which describe various types of malicious software:
- Murofet exhibits file-infection and password-stealing abilities. Marco Giuliani at Prevx provided insightful analysis of this specimen.
- Avzhan is a growing family of DDoS bots. Jeff Edwards at Arbor Networks offered a comprehensive overview of this family of malware.
- Visal is an email worm that spreads links to malicious Windows executable files. It was thoroughly examined by SecureWorks.
- “The Hottest girls on Facebook” worm uses clickjacking and social engineering to propagate. It was researched by Krzysztof Kotowicz. George Deglin examined another example of a Facebook worm.
- A malicious PDF file can split JavaScript across several objects. An example of this technique was documented by Tamas Rudnai at Websense.
- Attacks often combine a malicious PDF file with a Windows executable. One such incident was analyzed by Curt Wilson.
I periodically post interesting malware analysis reports from across the web on the Reverse-Engineering Malware Course page on Facebook.
If you’d like to improve your own malware report-writing skills, take a look at my earlier note What to Include in a Malware Analysis Report, which includes a mind-map template.
Reposted from http://blog.zeltser.com/post/1358737300/malware-analysis-reports