Owning a GINA Hook

I recently took a break from poking at Storm to do real work on some custom malware recovered in a compromise here.

This analysis is of an MS GINA hook that encrypts its log file with RC4. I'm light on the mechanical details of the reversing and have instead focused on screenshots, an overview of the investigation, and some Perl code to do the decrypting.

You can get the analysis here:
Owning a GINA Hook

You can get the malware here:

