14 Oct 2010
ThreatExpert has a good post on the process they use to figure out what URL's a certain malware specimen (Murofet) will call back to. They reverse engineer it, but how they actually write the program to generate the URL's is interesting.