The recent Adobe Flash 0 Day (CVE-2011-2110) is a classic case of an old malware that has used new 0 days as a vector to spread itself. How and why I will explain shortly, first a little detail about the exploit itself. The exploit is targeting a vulnerability in the Action Script Virtual machine according to our good friends at Shadowserver. The swf file takes an info parameter and a successful exploitation leads to the download of a zlib compressed and xor encoded binary. The two GET requests in succession would look like this