Sunday, December 6, 2009

Dec.6 PDF attack. What Can the U.S. Learn from China’s Energy Policy? from matthewgebert@yahoo.com Sun, 6 Dec 2009 06:56:40


Download infected attachments (password-protected archive; you will have to contact me for the password)




From: Matthew Gebert [mailto:matthewgebert@yahoo.com]
Sent: Sunday, December 06, 2009 9:57 AM
To: matthewgebert@yahoo.com
Subject: What Can the U.S. Learn from China’s Energy Policy?

The joke among China hands goes like this: If the Americans and the Chinese start talking about a major project today, in two years the Chinese will be done and the Americans will still be talking and applying for permits.
The message sender was matthewgebert@yahoo.com
The message was titled What Can the U.S. Learn from China’s Energy Policy?
The message date was Sun, 6 Dec 2009 06:56:40 -0800 (PST)
The message identifier was <133325.58274.qm@web113916.mail.gq1.yahoo.com>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12  build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Sun Dec  6 14:56:44 2009 Database version: 2009-12-05_02

attach/5963824_3X_PM5_EMS_MA-PDF__China=27s=2DEnergy=2DPolicy=2DAnalysis.pdf: Infected: Exploit.SWF.Agent.ci [AVP]
attach/5963824_4X_PM6_EMS_MA-PDF__WhatCantheU.S.LearnfromChina=27sEnergyPolicy.pdf: Infected: Exploit.JS.Pdfka.ajt [AVP]

Scan ended at Sun Dec  6 14:56:45 2009
5 files scanned
2 files infected



Virustotal analysis

1) WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf
http://www.virustotal.com/analisis/fe409720fc23d950a99f419728b062a8a82e43aac45c72b22d84a853ec52fb1d-1260288148

File WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf received on 2009.12.08 16:02:28 (UTC)

Result: 9/41 (21.96%)

AhnLab-V3 5.0.0.2 2009.12.08 PDF/Exploit-JBIG2
Avast 4.8.1351.0 2009.12.08 PDF:CVE-2009-0658
BitDefender 7.2 2009.12.08 Exploit.PDF-JBIG2Decode.Gen
eSafe 7.0.17.0 2009.12.08 PDF exploit CVE-2009-0658
F-Secure 9.0.15370.0 2009.12.07 Exploit.PDF-JBIG2Decode.Gen
GData 19 2009.12.08 PDF:CVE-2009-0658 
Kaspersky 7.0.0.125 2009.12.08 Exploit.JS.Pdfka.ajt
McAfee-GW-Edition 6.8.5 2009.12.08 Heuristic.BehavesLike.PDF.Suspicious.Z
Sophos 4.48.0 2009.12.08 Troj/PDFEx-CB

Additional information
File size: 496810 bytes
MD5...: fcff95e5a0736d6e1a861f415b19a4b2
SHA1..: 6751d664d720157d4fcd7dee78f6204e0162d8eb
SHA256: fe409720fc23d950a99f419728b062a8a82e43aac45c72b22d84a853ec52fb1d
ssdeep: 12288:f5o7rl8tOmCQbudFJYp/RLk4Vmp98F/WybTuanmraS:1OdQbCFJYUo28F/JbfndS

Wepawet analysis
File: WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf
MD5: fcff95e5a0736d6e1a861f415b19a4b2
Analysis Started: 2009-12-08 08:16:22
Report Generated: 2009-12-08 08:16:38
Jsand version: 1.03.02

Detection results

Detector         Result
Jsand 1.03.02    malicious

Exploits

Name                  Description                                                              Reference
JBIG2 Vulnerability   Vulnerability in the processing of JBIG2 streams embedded in PDF files   SA33901
                      http://secunia.com/gfx/pdf/SA33901_BA.pdf
=============================================================
2) China's-Energy-Policy-Analysis.pdf
http://www.virustotal.com/analisis/48b65c996aeeccdcf1e5409eeff32a24546e297288aabe64de369f60eb40d4e8-1260288154

Result: 5/40 (12.5%)

BitDefender 7.2 2009.12.08 Trojan.SWF.HeapSpray.B
F-Secure 9.0.15370.0 2009.12.07 Trojan.SWF.HeapSpray.B
GData 19 2009.12.08 Trojan.SWF.HeapSpray.B
Kaspersky 7.0.0.125 2009.12.08 Exploit.SWF.Agent.ci
Sunbelt 3.2.1858.2 2009.12.08 Exploit.PDF-JS.Gen (v)

Additional information
File size: 470008 bytes
MD5...: 7a43c74ef3bbb871e52c015cdd323ffa
SHA1..: 28a2536ee363ceffe0a628bcc71f548710a346c6
SHA256: 48b65c996aeeccdcf1e5409eeff32a24546e297288aabe64de369f60eb40d4e8
ssdeep: 12288:i+eMeJaUEgCoRPIZ8/XH5sVvgCFERySG+5JzZnZLCU31FBzk:i+eJaUELoRAZ4XH15BGKJZb31FBzk

Wepawet analysis

File: China's-Energy-Policy-Analysis.pdf
MD5: 7a43c74ef3bbb871e52c015cdd323ffa
Analysis Started: 2009-12-08 08:23:51
Report Generated: 2009-12-08 08:24:10
Jsand version: 1.03.02

Detection results

Detector         Result
Jsand 1.03.02    benign
