Views: 29469 | Replies: 163

[Virus sample] Flamer - New Stuxnet-like malware

360Tencent
Posted 2012-5-28 22:17:06
Last edited by 360Tencent on 2012-8-3 08:06

crazy world~

Kaspersky:

https://www.securelist.com/en/bl ... estions_and_Answers

http://www.securelist.com/en/blo ... nch_and_BeetleJuice

https://www.securelist.com/en/bl ... _Flames_C_C_Servers

https://www.securelist.com/en/bl ... g_vector_identified

http://www.securelist.com/en/blo ... e_MITM_proxy_server

http://www.securelist.com/en/blo ... et_the_missing_link

SOPHOS

http://nakedsecurity.sophos.com/2012/05/28/flamer-iran-malware/

http://nakedsecurity.sophos.com/ ... lware-cyber-attack/

http://nakedsecurity.sophos.com/ ... little-perspective/

http://nakedsecurity.sophos.com/ ... nst-windows-update/


Symantec

http://www.symantec.com/connect/ ... targets-middle-east

http://www.symantec.com/connect/blogs/painting-picture-w32flamer

http://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache

http://www.symantec.com/connect/ ... tricks-and-exploits

http://www.symantec.com/connect/ ... igital-certificates

http://www.symantec.com/connect/ ... ous-data-collection

http://www.symantec.com/connect/blogs/flamer-urgent-suicide

McAfee

http://blogs.mcafee.com/mcafee-l ... es-of-cyber-warfare

http://blogs.mcafee.com/mcafee-l ... wiper-files-tell-us

http://blogs.mcafee.com/mcafee-l ... loys-windows-update

F-Secure

http://www.f-secure.com/weblog/archives/00002371.html

http://www.f-secure.com/weblog/archives/00002372.html

http://www.f-secure.com/weblog/archives/00002377.html

http://www.f-secure.com/weblog/archives/00002378.html

http://www.f-secure.com/weblog/archives/00002383.html

Bitdefender

http://labs.bitdefender.com/2012 ... levels-with-flamer/ (3rd update)

http://labs.bitdefender.com/2012 ... ed-by-human-vector/

http://labs.bitdefender.com/2012 ... -the-flamer-puzzle/

http://labs.bitdefender.com/2012 ... o-thwart-antivirus/

ESET

http://blog.eset.com/2012/05/29/flamer-the-21st-century-whale

http://blog.eset.com/2012/06/03/ ... -is-no-good-malware

http://blog.eset.com/2012/08/02/ ... work-reconstruction

TrendMicro

http://blog.trendmicro.com/flame ... p-threat-landscape/

http://blog.trendmicro.com/update-on-flame/

Intego:

http://www.intego.com/mac-securi ... no-reason-to-panic/

http://www.intego.com/mac-securi ... te-to-combat-flame/

AVIRA

http://techblog.avira.com/2012/0 ... he-flame-trojan/en/

http://techblog.avira.com/2012/0 ... he-flame-trojan/en/

PANDA

http://pandalabs.pandasecurity.c ... utm_content=PLFLAME

AVAST

https://blog.avast.com/2012/06/0 ... tacks-caveat-coder/

GDATA

http://blog.gdatasoftware.com/bl ... are-ever-found.html

Fortinet

http://blog.fortinet.com/flame-q-a/

http://blog.fortinet.com/the-adv ... -the-flame-malware/

iss source

http://www.isssource.com/breaking-down-flames-roots/

Microsoft

http://blogs.technet.com/b/srd/a ... -flame-malware.aspx

http://blogs.technet.com/b/msrc/ ... update-rollout.aspx

Norman

http://blogs.norman.com/2012/sec ... amer-string-decoder

http://blogs.norman.com/2012/sec ... mmon-than-you-think

Emsisoft

http://www.emsisoft.com/en/kb/articles/ticker120614/

GFI
http://www.gfi.com/blog/analyzin ... webinar-now-online/

Iranian official statements (Iran CERTCC)

http://www.certcc.ir/index.php?n ... rticle&sid=1894

http://certcc.ir/index.php?name= ... rticle&sid=1892

CrySyS Lab research report

http://www.crysys.hu/skywiper/skywiper.pdf

Flamer Analysis By Malware.lu

https://code.google.com/p/malware-lu/wiki/en_malware_flamer

soapr32.ocx analysis report

http://stratsec.blogspot.com/201 ... ent-soapr32ocx.html


Flame WhitePaper by McAfee

http://www.mcafee.com/us/resourc ... per_Brief_v.1.2.pdf

Cuckoo in Flame

http://blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/

How old is Flame?

http://labs.alienvault.com/labs/index.php/2012/how-old-is-flame/

Flamer Indicators Of Compromise (OpenIOC)

http://labs.alienvault.com/labs/ ... compromise-openioc/

Questioning Kaspersky's analysis

http://jeffreycarr.blogspot.com/ ... flame-analysis.html

Flame: First Impressions (Free Prose)

http://stratsec.blogspot.fr/2012 ... ons-free-prose.html

hashes collection
http://artemonsecurity.blogspot.com/2012/05/flamer-goes-itw.html

msglu32.ocx analysis

http://stratsec.blogspot.com/201 ... onent-that-can.html

Defeating Flame String Obfuscation with IDAPython

http://blog.spiderlabs.com/2012/ ... with-idapython.html

FLAMER/SKYWIPER MALWARE: ANALYSIS

http://blog.fireeye.com/research ... wiper-analysis.html

http://blog.fireeye.com/research ... per-cnc-update.html
Flame/Flamer/Skywiper - one of the most advanced malware found yet 

http://community.websense.com/bl ... lamer-skywiper.aspx

Why Flame is a pain to analyze - a look at its intricate compilation style

http://scrammed.blogspot.it/2012 ... nalyze-look-at.html

Online scan reports for the related files

https://www.virustotal.com/file/ ... nalysis/1338213096/

https://www.virustotal.com/file/ ... nalysis/1338213113/

https://www.virustotal.com/file/ ... nalysis/1338213191/
PW:infected


Rating: hx1997 +1 (so fast)

Nocria
Posted 2012-5-28 22:19:27
Last edited by humanlwj52 on 2012-5-28 22:22

To AVG & F-Secure.
hx1997
Posted 2012-5-28 22:19:37
To ESET.

Rating: 360Tencent +1 (I have to admire someone's sample-collecting skills, speechless)

Howl
Posted 2012-5-28 22:21:11
Gets past Micropoint's scan.
留侯
Posted 2012-5-28 22:26:43
Gets past Dr.Web (大蜘蛛), already reported!
s8706042
Posted 2012-5-28 22:47:11
Send to Trend Micro!
275751198
Posted 2012-5-28 22:59:13
Reported to 360, but it will most likely be missed.
GiBson
Posted 2012-5-28 23:43:16
Newbie question: how do you test the behaviour of these non-executable files???
hx1997
Posted 2012-5-28 23:47:47
GiBson posted on 2012-5-28 23:43
Newbie question: how do you test the behaviour of these non-executable files???

For a DLL, find a host process to load it, then monitor the host's behaviour.
For a .sys, you probably have to load it into the system and then monitor the whole system.
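Before picking a host for a DLL or a .sys, it helps to know what kind of PE image the sample is and which entry points it exposes. The script below is an added example written for this edit, not code from the thread or from any of the vendor write-ups linked above. It parses the PE headers with the Python standard library only, reports whether the file is flagged as a DLL or built for the native subsystem (a kernel driver), lists its named exports, and suggests the usual host command lines. The sample PE it builds, its export names and the path `sample.ocx` are constructed for the demonstration and are not Flame components.

```python
"""Triage a DLL/SYS sample before choosing a host process to load it in.

Added example (not from the KaFan thread or any vendor report). The PE
image produced by build_sample_image() is constructed here for testing;
its export names are hypothetical and not taken from Flame.
"""
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics bit: image is a DLL
IMAGE_SUBSYSTEM_NATIVE = 1       # Subsystem used by kernel-mode drivers
MAGIC_PE32, MAGIC_PE32PLUS = 0x10B, 0x20B


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def triage(data):
    """Return machine, DLL flag, driver flag and named exports of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    dd_off = opt + (96 if magic == MAGIC_PE32 else 112)       # DataDirectory[0] = exports
    ndirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    export_rva = struct.unpack_from("<I", data, dd_off)[0] if ndirs > 0 else 0
    sec_off = opt + opt_size
    sections = []
    for i in range(nsec):
        _, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    exports = []
    if export_rva:
        e = _rva_to_offset(sections, export_rva)
        fields = struct.unpack_from("<IIHHIIIIIII", data, e)    # IMAGE_EXPORT_DIRECTORY
        nnames, addr_names = fields[7], fields[9]
        names_off = _rva_to_offset(sections, addr_names)
        for i in range(nnames):
            name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
            exports.append(_cstring(data, _rva_to_offset(sections, name_rva)))
    return {"machine": machine, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "is_driver": subsystem == IMAGE_SUBSYSTEM_NATIVE, "exports": exports}


def suggest_hosts(info, path="sample.dll"):
    """Command lines that get the image loaded so a monitor can watch it."""
    if info["is_driver"]:
        # A driver has no user-mode host: load it as a kernel service and watch the whole VM.
        return ["sc create flametest type= kernel binPath= %s && sc start flametest" % path]
    cmds = []
    if "DllRegisterServer" in info["exports"]:
        cmds.append("regsvr32 /s %s" % path)            # regsvr32 calls DllRegisterServer
    cmds += ["rundll32 %s,%s" % (path, name) for name in info["exports"]]
    if not cmds:
        cmds.append("rundll32 %s,#1" % path)            # LoadLibrary still runs DllMain
    return cmds


def build_sample_image(exports=("DllRegisterServer", "DllGetClassObject"),
                       subsystem=2, dll=True, dll_name=b"sample.ocx"):
    """Construct a minimal PE32 image with a named-export table (test input only)."""
    n = len(exports)
    edata_rva, edata_raw = 0x1000, 0x200
    funcs_rva, names_rva = edata_rva + 40, edata_rva + 40 + 4 * n
    ords_rva, str_rva = names_rva + 4 * n, names_rva + 6 * n
    strings, name_rvas = dll_name + b"\0", []
    for name in exports:
        name_rvas.append(str_rva + len(strings))
        strings += name.encode() + b"\0"
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, str_rva, 1, n, n, funcs_rva, names_rva, ords_rva)
    edata += b"".join(struct.pack("<I", 0x2000 + 0x10 * i) for i in range(n))  # dummy code RVAs
    edata += b"".join(struct.pack("<I", r) for r in name_rvas)
    edata += b"".join(struct.pack("<H", i) for i in range(n)) + strings
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                        # e_lfanew = 0x40
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)                          # EXECUTABLE | 32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)           # i386, one section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, MAGIC_PE32)
    struct.pack_into("<III", opt, 28, 0x10000000, 0x1000, 0x200)             # base, alignments
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)                                       # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, edata_rva, len(edata))                   # export directory
    sect = struct.pack("<8sIIIIIIHHI", b".edata", len(edata), edata_rva, len(edata), edata_raw,
                       0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(edata_raw, b"\0") + edata


if __name__ == "__main__":
    info = triage(build_sample_image())
    print(info)
    print("\n".join(suggest_hosts(info, "sample.ocx")))
```

Two caveats when you run the suggested commands in a throwaway VM under Process Monitor or a Cuckoo-style sandbox: rundll32 calls LoadLibrary before it looks up the named export, so DllMain executes even if the name is wrong, and a 32-bit DLL on 64-bit Windows must be loaded with the 32-bit rundll32 from C:\Windows\SysWOW64, not the System32 one. Loading a .sys through `sc create ... type= kernel` is subject to driver signature enforcement on 64-bit hosts, which is one more reason the whole VM, not a single process, is the thing to monitor in that case.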
GiBson
Posted 2012-5-28 23:49:46
hx1997 posted on 2012-5-28 23:47
For a DLL, find a host process to load it, then monitor the host's behaviour.
For a .sys, you probably have to load it into the system and then mon ...

Any host will do?
Copyright © KaFan  KaFan.cn All Rights Reserved.