Malware development life cycle

Raymond Roberts Microsoft

In recent years malware has transcended its 'not so humble' beginnings to evolve in complexity to rival many decent-sized software projects. This both reflects the increased sophistication of the producers of the malicious content and is reflected in their methods of attack.

This indicates an improvement in development methodologies that enables malware producers to improve their output, adding functionality and capabilities to achieve maximum gain.

In this paper we track the evolution of certain families of malware as they have grown and diversified, adapting and improving to effectively accomplish their required results. Starting with the early variants we show how the malware has changed to meet the requirements of its producers, how the code is implemented to best fulfil those requirements, how the malware producers test their creations and how they deliver the final release to their involuntary users.

From this we draw conclusions regarding the various stages of the malware development life cycle and ascertain how their development reflects the strategies employed to produce the malware and what could be expected in future.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.