ThreatExpert is a software program that runs on multiple servers and performs an automated analysis of threat samples coming from various sources.
If you want to explore ThreatExpert, read its reports, or submit your own samples for analysis, please proceed here.
This blog was created to help the users of ThreatExpert to better understand how the automated threat analysis works.
The posts at this blog will describe malware techniques and various interesting tricks that malware authors use. We’ll provide an insight into how we build our statistics, and how ThreatExpert analyses and reports threats, even those that have zero coverage at VirusTotal.
We’ll also share some tools that we build internally with the hope that these tools may help you in your malware research, or the tools that may help our customers to generically detect many high-profile threats.
These days we are seeing a substantial spike in the malware activity: a wider use of the rootkits, that become more and more complex, and in the same time, the reincarnation of the old malware techniques such as MBR or file infections.
Another important point of this blog is to describe complex malware in plain and understandable language, backed up by detailed illustrations and life analogies.
We hope you will enjoy the journey into the world of malware analysis, and we’ll do our best to be your guide in it.
Please stay with us,
Your ThreatExpert team.