EP_X0FF wrote:Does not really matter now was it collaboration or copy-past :) Pionner title goes to Kaspersky.He-h, that's not good, but better that F-Secure "researches" http://www.f-secure.com/weblog/archives/00002371.html. :facepalm:
A forum for reverse engineering, OS internals and malware analysis
What funny part of this is that if this malware were detected somewhere other than Middle East - it was never get the same PR impact. This make me think this is well planned hysterics. None of previous Stuxnet or Duqu wasn't really sophisticated in meaning of "malware" as we know it, they are practically intrusion/sabotage kits simple not seen before. Most interesting parts for common pulic of course were zerodays embedded in both. This so far comes without anything like this. And yes we all gonna die, sure, I will go check my winlogon memory.
Ring0 - the source of inspiration
EP_X0FF wrote:What funny part of this is that if this malware were detected somewhere other than Middle East - it was never get the same PR impact.Is it not surprising for you that all this researches from Kaspersky, Symantec, Sophos appeared in one day; and in this one day samples gone ITW.
This is called "cartel" :)
and in this one day samples gone ITWWell Crysys published hash sums, so I assume some guys simple checked their databases and even uploaded files to Virustotal.
Ring0 - the source of inspiration
EP_X0FF wrote:Well Crysys published hash sumsYou right, respect for Crysys again.
Anybody has a sample of the main component named mssecmgr.ocx a592d49ff32fe130591ecfde006ffa4fb34140d5
tx
tx
Attachments
infected
(54.24 KiB) Downloaded 154 times
(54.24 KiB) Downloaded 154 times
Kaspersky article contains a funny comment from spritrig:
FLAME and Lua are both from Brazil. Was a downloadable software, which uses Lua, just mistaken for a nation sponsored virus? Paranoia and an irresponsible press are a powerful combination. :)
http://martin.lncc.br/main-software-flame
http://wiki.martin.lncc.br/instalacao-flame-en
omer wrote:Hi,http://www.kernelmode.info/forum/viewto ... 675#p13473
I'm looking for sample of W32.Flamer.
http://www.kernelmode.info/forum/viewto ... =10#p13493
http://labs.bitdefender.com/wp-content/ ... er_x86.exe
http://labs.bitdefender.com/wp-content/ ... er_x64.exe
RemovalTool from Bitdefender
more and more vendors join the game ;)
http://labs.bitdefender.com/2012/05/cyb ... th-flamer/
http://blog.eset.com/2012/05/29/flamer- ... tury-whale
http://labs.bitdefender.com/wp-content/ ... er_x64.exe
RemovalTool from Bitdefender
more and more vendors join the game ;)
http://labs.bitdefender.com/2012/05/cyb ... th-flamer/
http://blog.eset.com/2012/05/29/flamer- ... tury-whale
