In late February of this year, multiple security companies (FireEye, AlienVault, SecPod, Symantec, plus many more) were reporting on a Flash zero-day vulnerability (CVE-2014-0502) being exploited in the wild. Around this time a friend asked me if I could reverse the exploit and its associated files in order to write a decoder for it. The purpose of the requested decoder was to statically determine the URL from which the backdoor executable (shown later) would be downloaded.
Read more: http://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html