Monday, December 21, 2009

Dec 21 Attack of the Day. Exploit/Zordle.gen Information on the forum invitation from Yenfei.Su@gmail.com Tue, 22 Dec 2009 11:08:24 +0800


Download infected pdf as ForumInvitation.zip (Password protected, please contact me if you need it)


The message sender was Yenfei.Su@gmail.com
The message originating IP was 168.95.4.116
The message recipients were XXX@XXX.XXX
The message was titled 座談會邀請資料
The message date was Tue, 22 Dec 2009 11:08:24 +0800
The message identifier was
The virus or unauthorised code identified in the email is:
>>> Possible MalWare 'Exploit/Zordle.gen' found in
>>> '5963899_4X_PM5_EMS_MA-OCTET=2DSTREAM__=A5=C9=A4s=B1M=C3D3=AD=D7.pdf'.
>>> Heuristics score: 201


Headers
 Received: from msr32.hinet.net (HELO msr32.hinet.net) (168.95.4.132)
  by XXXXXX SMTP; 22 Dec 2009 03:07:58 -0000
Received: from IBM-62979760B13 (61-218-117-75.HINET-IP.hinet.net [61.218.117.75])
    by msr32.hinet.net (8.9.3/8.9.3) with ESMTP id LAA19335
    for XXXXXXXX: Yenfei.Su@gmail.com
From: "Yen-fei Su"
To: XXXXXXXXXXX
Subject: =?BIG5?B?rnm9zbd8wdy90LjqrsY=?=
Date: Tue, 22 Dec 2009 11:07:38 +0800
Message-Id:
MIME-Version: 1.0
Content-Type: multipart/mixed;     boundary="----=_NextPart_09122211024143786257804_000"
X-Priority: 3
X-Mailer: DreamMail 4.5.0.0
Received: (qmail 8043 invoked from network); 22 Dec 2009 03:07:58 -0000






From: Yen-fei Su [mailto:Yenfei.Su@gmail.com]
Sent: Monday, December 21, 2009 10:08 PM
To: XXXXXXXX
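Subject: Information on the forum invitation

Professor:
  Hello! Thank you for your help!
President Ma Ying-jeou recently said that a peace agreement can be discussed only after the Chinese Communists remove their missiles, and also said he is willing to work toward signing a peace agreement with the mainland within his presidential term as far as possible. A peace agreement is a highly political issue: how the two sides should negotiate, and whether this would lead down the road to unification and affect Taiwan's sovereign independence. The definition and substance of a peace agreement merit close observation.

  In view of this, former Vice President Annette Lu (呂秀蓮) is holding a series of forums in December on "Cracking the KMT-CCP 333 Code". We would like to invite you to attend the "Cross-Strait Peace Agreement" forum as a presenter. The relevant information is in the attachment; please refer to it!

Notes:

1. The entire forum is open to media coverage and public attendance.
2. Yushan Telegram (玉山電報) will also broadcast the event live online that day; highlights of the discussion will be published in the following week's Yushan Weekly (玉山周報).
3. Presenters are asked to prepare a 2000-character written report in advance. The report will be printed beforehand and distributed to attendees on site.
4. Each presenter has 15 minutes to present in the first round; each discussant has 12 minutes for comments. In the second round, each presenter has 5 minutes to respond to the discussants' comments. Finally, all panelists may, in coordination with the moderator, respond flexibly to questions from the floor or add comments. The whole event is expected to last no more than two hours.


Office of former Vice President Annette Lu (呂秀蓮)
蘇妍妃 (Yen-fei Su)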
T:02-27786520
Cell:0921-996-570

Virustotal
 File ____________3___.pdf received on 2009.12.23 04:54:56 (UTC)
http://www.virustotal.com/analisis/24b6c65ec5d5f1da0e5d807c6b780b9109dc4b3c8e5edbecdc023db859965b05-1261544096
Result: 12/41 (29.27%)
a-squared 4.5.0.43 2009.12.22 Exploit.HTML.IframeBof!IK
AntiVir 7.9.1.122 2009.12.22 HTML/Silly.Gen
BitDefender 7.2 2009.12.23 Exploit.PDF-JS.Gen
Comodo 3336 2009.12.23 UnclassifiedMalware
F-Secure 9.0.15370.0 2009.12.23 Exploit.PDF-JS.Gen
GData 19 2009.12.22 Exploit.PDF-JS.Gen
Ikarus T3.1.1.79.0 2009.12.22 Exploit.HTML.IframeBof
Kaspersky 7.0.0.125 2009.12.23 Exploit.JS.Pdfka.auv
McAfee-GW-Edition 6.8.5 2009.12.23 Script.Silly.Gen
NOD32 4710 2009.12.22 PDF/Exploit.Gen
Norman 6.04.03 2009.12.22 HTML/Shellcode.H
TrendMicro 9.120.0.1004 2009.12.23 HTML_DROPPER.NRA

Additional information
File size: 82643 bytes
MD5...: f1ba03125981c801583413bcd18d55a4
SHA1..: baed5d8f5f0af55006b2d8e44a20d1d1cf908775
SHA256: 24b6c65ec5d5f1da0e5d807c6b780b9109dc4b3c8e5edbecdc023db859965b05

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=f1ba03125981c801583413bcd18d55a4&type=js
File 上週的溺麻眾_.pdf
MD5 f1ba03125981c801583413bcd18d55a4
Analysis Started 2009-12-21 00:46:54
Report Generated 2009-12-21 00:49:13
Jsand version 1.03.02

Detection results
Detector Result
Jsand 1.03.02 benign :(

Google translation:

From: Yen-fei Su [mailto: Yenfei.Su @ gmail.com]
Sent: Monday, December 21, 2009 10:08 PM
To: XXXXXX
Subject: information on the forum invitation

Professor:
  Hello! Thanks to help!
President Ma Ying-jeou has referred to the Chinese Communists since the removal of missiles in order to talk about a peace agreement, and that willing to work hard to complete the presidential term of office, as far as possible to sign a peace agreement with mainland China, the peace agreement is a highly political issue that the two sides to how to negotiate, is not it will therefore embark on a unified way, which might affect Taiwan's independent sovereignty. The definition of a peace agreement and character, worthy of observation.

  In view of this, Annette Lu, former Vice President in December organized by the KMT-CPC 333 password cracking series of seminars, including "cross-strait peace agreement" discussions, like to invite you to come to participate as a speaker, the relevant information such as accessories, please refer to!

Description:

1. The entire forum is open to media and the public to participate.
2. Yushan telegram the same day online will be carried out live; the essence of the content of discussion will be published in the fortnightly
Yushan weekly.
3. Please report were prepared in advance a written report on 2000 words. This report will be pre-printed, distributed to
On-site participants.
4. Each speaker will have 15 minutes in the first round of the report of the time; each with about 12 others
Bell comments. In the second round, the report may have five minutes to respond to and talk about people's comments. Finally, all discussions, may be with the host, mobile to respond to on-site questions or comments to add. Entire process is expected to no more than two hours.


Annette Lu, former Vice President's Office
Su Yan Fei
T :02-27786520
Cell :0921-996-570
