A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13488  by EP_X0FF
 Mon May 28, 2012 7:30 pm
The funny part of this is that if this malware had been detected somewhere other than the Middle East, it would never have gotten the same PR impact. This makes me think this is well-planned hysterics. Neither of the previous ones, Stuxnet or Duqu, was really sophisticated in the meaning of "malware" as we know it; they are practically intrusion/sabotage kits simply not seen before. The most interesting parts for the common public were of course the zero-days embedded in both. This one so far comes without anything like that. And yes, we are all gonna die, sure, I will go check my winlogon memory.
 #13489  by rkhunter
 Mon May 28, 2012 7:46 pm
EP_X0FF wrote:The funny part of this is that if this malware had been detected somewhere other than the Middle East, it would never have gotten the same PR impact.
Is it not surprising to you that all this research from Kaspersky, Symantec, Sophos appeared in one day, and in this one day samples went ITW?
 #13490  by EP_X0FF
 Mon May 28, 2012 7:51 pm
This is called "cartel" :)
"and in this one day samples went ITW"
Well, CrySyS published hash sums, so I assume some guys simply checked their databases and even uploaded files to Virustotal.
 #13491  by rkhunter
 Mon May 28, 2012 7:58 pm
EP_X0FF wrote:Well, CrySyS published hash sums
You're right, respect for CrySyS again.
 #13492  by testsils
 Mon May 28, 2012 11:19 pm
Does anybody have a sample of the main component named mssecmgr.ocx, a592d49ff32fe130591ecfde006ffa4fb34140d5?

tx