A forum for reverse engineering, OS internals and malware analysis 

Flamer worm

Forum for analysis and discussion about malware.

Flamer worm

 #13467  by rkhunter
 Mon May 28, 2012 10:41 am
Flamer worm - Iran claims to discover new Stuxnet-like malware
The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted malware attack attacking the country, which it has dubbed Flamer.
http://nakedsecurity.sophos.com/2012/05 ... n-malware/

Re: Flamer worm

 #13473  by Xylitol
 Mon May 28, 2012 1:48 pm
Worm.Win32.Flame for kav.
Image

They just picked hashs from crysys right ?

https://www.virustotal.com/file/69beb78 ... 338213096/
https://www.virustotal.com/file/7d5ad68 ... 338213113/
https://www.virustotal.com/file/029bcd7 ... 338213191/
Attachments
infected
(656.74 KiB) Downloaded 289 times
Last edited by Xylitol on Mon May 28, 2012 2:00 pm, edited 1 time in total.

Re: Flamer worm

 #13475  by rkhunter
 Mon May 28, 2012 2:07 pm
Hmmm, interesting, international cyber-malware-wars become more and more...

Re: Flamer worm

 #13476  by kmd
 Mon May 28, 2012 2:09 pm
hehe, perfect time for av marketing, ooppps kaspersky already did it :D This time super-puper spy malware even without zerodays on board which makes it somehow uninterested. btw for me is bizzare how guys from av company pushes this yet another overrated crap and missing overall the main point -- systems protected by their products were vulnerable as well as any others :lol:

Re: Flamer worm

 #13483  by rkhunter
 Mon May 28, 2012 4:08 pm
frame4-mdpro wrote:More info emerging -- this time from the CrySyS Lab, who name it "sKyWIper".
PDF contains the hashes for the malware components as well.

http://www.crysys.hu/skywiper/skywiper.pdf
Really great analysis! Seems Kaspersky, Symantec just copy-paste from it.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14
 Return to “Malware”