
Backdoor.W32.rizo.ab or W32.Spybot.Worm

Hi there!

I generally write articles about software protections, so I hope that my writing style will be good for malware too.

I’m used to reversing malware, but this is the first time I have written about it.

Backdoor.W32.rizo.ab (Kaspersky) or W32.SpyBot.Worm (Symantec) is a worm spreading through Windows MSN. It’s not too hard to reverse; it uses some anti-VM and anti-debug protections with a little bit of cryptography.

We will discover that the coder is not so expert (we will find some bugs).

Rizo.ab is bound to another backdoor, Net-Worm.Win32.Kolabc.gau (Kaspersky); in this article I will analyze it too.

So, take a look at it here

Regards,
Giammarco Ferrari

Link has changed

Excuse me, but WordPress changed the link to the article; the new one is:

http://revengstuff.wordpress.com/files/2009/09/analyzing_rizo_ab3.pdf