Flamer /SkyWiper Samples

August 13, 2012 - added an article by CERT Polska

If you didn't get enough of Flamer /SkyWiper yet, here are the samples donated by a reader. They are also available on various forums and Virustotal. Whether they are new or old, part of the "Olympic Games" or not, they are a fine example of a targeted attack.  Enjoy

 

CVE-2012-1889 Microsoft XML vulnerability - Samples and Analysis by Brian Mariani and Frédéric Bourla

Brian Mariani (High-Tech Bridge htbridge.com Geneva, Switzerland) sent a very detailed and helpful analysis of CVE 2012-1889 - "CVE-2012-1889 - Microsoft XML core services uninitialized memory vulnerability" presentation - by Brian Mariani and Frédéric Bourla, which I am publishing here.

Please download the slides in PDF format. The text of the presentation is also posted below. 

I am posting two samples - a metasploit poc file and a non-metasploit malicious code sample.