Raymond Roberts Microsoft
In recent years malware has transcended its 'not so humble' beginnings to evolve in complexity to rival many decent-sized software projects. This both reflects the increased sophistication of the producers of the malicious content and is reflected in their methods of attack.
This indicates an improvement in development methodologies that enables malware producers to improve their output, adding functionality and capabilities to achieve maximum gain.
In this paper we track the evolution of certain families of malware as they have grown and diversified, adapting and improving to effectively accomplish their required results. Starting with the early variants we show how the malware has changed to meet the requirements of its producers, how the code is implemented to best fulfil those requirements, how the malware producers test their creations and how they deliver the final release to their involuntary users.
From this we draw conclusions regarding the various stages of the malware development life cycle and ascertain how their development reflects the strategies employed to produce the malware and what could be expected in future.