I don't know who this researcher is offhand, and until recently I did not recall this Perpetual Horizon blog, but this recent blog entry has some amazing detail about Mebroot malware. Some of the decoding stuff is over my head, but I find the memory analysis results this researcher posted very interesting.
A Trip Down Memory Lane with Mebroot/Torpig (Perpetual Horizon Security Research)
Quote:
These notes describe a basic analysis of a Mebroot/Torpig infection through memory dump and observation. This particular Mebroot/Torpig infection took place in Feb of 2010, and the box also contained some type of adware that may pollute the results a bit. ...