Backdoor.W32.rizo.ab or W32.Spybot.Worm
I generally write articles about software protections, so I hope that my writing style will be good for malware too.
I’m used to reversing malware, but this is the first time I have written about it.
Backdoor.W32.rizo.ab (Kaspersky) or W32.SpyBot.Worm (Symantec) is a worm that spreads through Windows MSN. It’s not too hard to reverse: it uses some anti-VM and anti-debug protections with a little bit of cryptography.
We will discover that the coder is not much of an expert (we will find some bugs).
Rizo.ab is bound to another backdoor, Net-Worm.Win32.Kolabc.gau (Kaspersky); in this article I will analyze it too.
So, take a look at it here