Friday, November 6, 2009

Nov.6 PDF attack. Obama visit Asia from [username]098@gmail.com Nov 6, 2009 8:38:57 AM


Possible MalWare 'Exploit/Zordle.gen' found in '5963792_3X_PM5_EMS_MA-PDF__Obama=20visit=20Asia.pdf'. Heuristics score: 201
From: "[REMOVED]" [mailto:098@gmail.com]
Sent: Friday, November 6, 2009 8:38:57 AM GMT -05:00 US/Canada Eastern
Subject: Obama's visit to Asia


Dear Colleagues,


With the upcoming Obama's visit to Asia, please find the attached paper for your kind reference.
Should you have any questions, please contact me.
Best regards,
--
signature here [REMOVED]

File Obama_visit_Asia.pdf received on 2009.11.06 18:05:36 (UTC)

Current status: finished
Result: 4/41 (9.76%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.41 | 2009.11.06 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.11.06 | - |
| AntiVir | 7.9.1.59 | 2009.11.06 | - |
| Antiy-AVL | 2.0.3.7 | 2009.11.05 | - |
| Authentium | 5.2.0.5 | 2009.11.06 | PDF/Pidief.O |
| Avast | 4.8.1351.0 | 2009.11.06 | - |
| AVG | 8.5.0.423 | 2009.11.06 | - |
| BitDefender | 7.2 | 2009.11.06 | Exploit.PDF-JS.Gen |
| CAT-QuickHeal | 10.00 | 2009.11.06 | - |
| ClamAV | 0.94.1 | 2009.11.06 | - |
| Comodo | 2862 | 2009.11.06 | - |
| DrWeb | 5.0.0.12182 | 2009.11.06 | - |
| eSafe | 7.0.17.0 | 2009.11.05 | - |
| eTrust-Vet | 35.1.7107 | 2009.11.06 | - |
| F-Prot | 4.5.1.85 | 2009.11.06 | - |
| F-Secure | 9.0.15370.0 | 2009.11.04 | Exploit.PDF-JS.Gen |
| Fortinet | 3.120.0.0 | 2009.11.06 | - |
| GData | 19 | 2009.11.06 | Exploit.PDF-JS.Gen |
| Ikarus | T3.1.1.74.0 | 2009.11.06 | - |
| Jiangmin | 11.0.800 | 2009.11.06 | - |
| K7AntiVirus | 7.10.890 | 2009.11.06 | - |
| Kaspersky | 7.0.0.125 | 2009.11.06 | - |
| McAfee | 5793 | 2009.11.05 | - |
| McAfee+Artemis | 5794 | 2009.11.06 | - |
| McAfee-GW-Edition | 6.8.5 | 2009.11.06 | - |
| Microsoft | 1.5202 | 2009.11.06 | - |
| NOD32 | 4580 | 2009.11.06 | - |
| Norman | 6.03.02 | 2009.11.06 | - |
| nProtect | 2009.1.8.0 | 2009.11.06 | - |
| Panda | 10.0.2.2 | 2009.11.05 | - |
| PCTools | 7.0.3.5 | 2009.11.06 | - |
| Prevx | 3.0 | 2009.11.06 | - |
| Rising | 21.54.44.00 | 2009.11.06 | - |
| Sophos | 4.47.0 | 2009.11.06 | - |
| Sunbelt | 3.2.1858.2 | 2009.11.06 | - |
| Symantec | 1.4.4.12 | 2009.11.06 | - |
| TheHacker | 6.5.0.2.062 | 2009.11.05 | - |
| TrendMicro | 9.0.0.1003 | 2009.11.06 | - |
| VBA32 | 3.12.10.11 | 2009.11.06 | - |
| ViRobot | 2009.11.6.2025 | 2009.11.06 | - |
| VirusBuster | 4.6.5.0 | 2009.11.06 | - |


File: Obama visit Asia.pdf
MD5: 33aa28b079b33c1609f9096ee78e73c8
Analysis Started: 2009-11-06 12:10:45
Report Generated: 2009-11-06 12:10:53
Jsand version: 1.03.02

Detection results

| Detector | Result |
|---|---|
| Jsand 1.03.02 | malicious |

Exploits

| Name | Description | Reference |
|---|---|---|
| Adobe Collab overflow | Multiple Adobe Reader and Acrobat buffer overflows | CVE-2007-5659 |
| Adobe getIcon | Stack-based buffer overflow in Adobe Reader and Acrobat via the getIcon method of a Collab object | CVE-2009-0927 |

http://wepawet.iseclab.org/view.php?hash=33aa28b079b33c1609f9096ee78e73c8&type=js

Official Adobe announcement about the fix
Upgrade it.

Security Updates available for Adobe Reader and Acrobat

Release date: March 18, 2009
Last Updated: April 9, 2009
Vulnerability identifier: APSB09-04
CVE number: CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062

Platform: All Platforms

Summary

Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658).

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

These updates resolve the issue from Security Advisory APSA09-01 and Security Bulletin APSB09-03. Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action.
As of March 24, Adobe has also made available the Adobe Reader 9.1 and Adobe Reader 8.1.4 updates for Unix.

Affected software versions

Adobe Reader 9 and earlier versions

Adobe Acrobat 9 Standard, Pro, and Pro Extended and earlier versions
http://www.adobe.com/support/security/bulletins/apsb09-04.html
