Update: Adobe released the patch yesterday, and I posted a few samples below. There were several campaigns, with two variants:
1) unencrypted (some are not working - see explanation below)
2) AESV3 encrypted (try using Origami to decrypt these)

Each of the posted samples is marked by its "type".

CVE-2011-2462: the new Adobe zero-day files come with the same payload we saw with the CVE-2010-3654 Adobe Flash Player zero-day vulnerability, the Sykipot trojan. It uses the same technique of injecting a DLL file into iexplore, firefox.exe, or outlook.exe and communicating with hXXps://www.prettylikeher.com/asp/kys_allow_get.asp?name=getkys.kys over HTTPS. Brandon Dixon from 9bplus.com posted a great initial analysis of the JavaScript and payload from a file with this exploit; I am just adding a few additional details.
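
For triage, a sample can be sorted into one of the two types listed in the update above without rendering it, by reading the /Encrypt dictionary and its crypt filter method. The following is an added example, not code from the original post or from Origami; the function names are hypothetical and the PDF bytes are constructed skeletons, not the posted samples.

```python
import re

# Constructed PDF skeletons standing in for the two variants (not real samples).
PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R /Size 2 >>\n%%EOF\n"
AESV3 = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
         b"5 0 obj\n<< /Filter /Standard /V 5 /R 5 /Length 256\n"
         b"/CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >>\n"
         b"/StmF /StdCF /StrF /StdCF >>\nendobj\n"
         b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R /Size 6 >>\n%%EOF\n")
# Same document with names written using #xx escapes, which the PDF syntax allows.
AESV3_OBFUSCATED = AESV3.replace(b"/Encrypt", b"/Enc#72ypt").replace(b"/AESV3", b"/AESV#33")


def _decode_names(data):
    """Undo #xx hex escapes so /Enc#72ypt is matched as /Encrypt."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def encrypt_dict(data):
    """Return the raw /Encrypt dictionary bytes, or None when the key is absent."""
    data = _decode_names(data)
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    if ref:  # indirect reference: find the matching "N G obj ... endobj"
        body = re.search(rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups(), data, re.S)
        return body.group(1) if body else b""
    inline = re.search(rb"/Encrypt\s*<<", data)
    if inline:  # dictionary written directly in the trailer
        return data[inline.end():inline.end() + 2048]
    return None


def classify(data):
    """Label a PDF as 'unencrypted', 'AESV3' or 'encrypted-other'."""
    enc = encrypt_dict(data)
    if enc is None:
        return "unencrypted"
    if b"AESV3" in re.findall(rb"/CFM\s*/(\w+)", enc):
        return "AESV3"
    return "encrypted-other"


if __name__ == "__main__":
    for label, pdf in (("plain", PLAIN), ("aesv3", AESV3), ("obfuscated", AESV3_OBFUSCATED)):
        print(label, "->", classify(pdf))
```

The check only reads dictionary syntax, so it is safe to run on live samples, but it will miss an /Encrypt key stored inside a compressed object stream.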