Sunday, December 6, 2009

Dec. 6 PDF attack: "What Can the U.S. Learn from China’s Energy Policy?" from Sun, 6 Dec 2009 06:56:40

Download infected attachments (password-protected archive; you will have to contact me for a password)

From: Matthew Gebert []

Sent: Sunday, December 06, 2009 9:57 AM


Subject: What Can the U.S. Learn from China’s Energy Policy?

The joke among China hands goes like this: If the Americans and the Chinese start talking about a major project today, in two years the Chinese will be done and the Americans will still be talking and applying for permits.
The message sender was

 The message was titled What Can the U.S. Learn from China’s Energy Policy?
The message date was Sun, 6 Dec 2009 06:56:40 -0800 (PST)
The message identifier was <>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12  build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Sun Dec  6 14:56:44 2009 Database version: 2009-12-05_02

attach/5963824_3X_PM5_EMS_MA-PDF__China=27s=2DEnergy=2DPolicy=2DAnalysis.pdf: Infected: [AVP]
attach/5963824_4X_PM6_EMS_MA-PDF__WhatCantheU.S.LearnfromChina=27sEnergyPolicy.pdf: Infected: Exploit.JS.Pdfka.ajt [AVP]

Scan ended at Sun Dec  6 14:56:45 2009
5 files scanned
2 files infected

Virustotal analysis

1) WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf

File WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf received on 2009.12.08 16:02:28 (UTC)

Result: 9/41 (21.96%)

AhnLab-V3 2009.12.08 PDF/Exploit-JBIG2
Avast 4.8.1351.0 2009.12.08 PDF:CVE-2009-0658
BitDefender 7.2 2009.12.08 Exploit.PDF-JBIG2Decode.Gen
eSafe 2009.12.08 PDF exploit CVE-2009-0658
F-Secure 9.0.15370.0 2009.12.07 Exploit.PDF-JBIG2Decode.Gen
GData 19 2009.12.08 PDF:CVE-2009-0658 
Kaspersky 2009.12.08 Exploit.JS.Pdfka.ajt
McAfee-GW-Edition 6.8.5 2009.12.08 Heuristic.BehavesLike.PDF.Suspicious.Z
Sophos 4.48.0 2009.12.08 Troj/PDFEx-CB

Additional information
File size: 496810 bytes
MD5...: fcff95e5a0736d6e1a861f415b19a4b2
SHA1..: 6751d664d720157d4fcd7dee78f6204e0162d8eb
SHA256: fe409720fc23d950a99f419728b062a8a82e43aac45c72b22d84a853ec52fb1d
ssdeep: 12288:f5o7rl8tOmCQbudFJYp/RLk4Vmp98F/WybTuanmraS:1OdQbCFJYUo28F/

Wepawet analysis
Analysis Started: 2009-12-08 08:16:22
Report Generated: 2009-12-08 08:16:38
Jsand version: 1.03.02

Detection results

Jsand 1.03.02: malicious


JBIG2 Vulnerability: Vulnerability in the processing of JBIG2 streams embedded in PDF files. Reference: SA33901

2) China's-Energy-Policy-Analysis.pdf

Result: 5/40 (12.5%)

BitDefender 7.2 2009.12.08 Trojan.SWF.HeapSpray.B
F-Secure 9.0.15370.0 2009.12.07 Trojan.SWF.HeapSpray.B
GData 19 2009.12.08 Trojan.SWF.HeapSpray.B
Kaspersky 2009.12.08
Sunbelt 3.2.1858.2 2009.12.08 Exploit.PDF-JS.Gen (v)

Additional information
File size: 470008 bytes
MD5...: 7a43c74ef3bbb871e52c015cdd323ffa
SHA1..: 28a2536ee363ceffe0a628bcc71f548710a346c6
SHA256: 48b65c996aeeccdcf1e5409eeff32a24546e297288aabe64de369f60eb40d4e8
ssdeep: 12288:i+eMeJaUEgCoRPIZ8/XH5sVvgCFERySG+5JzZnZLCU31FBzk:i+eJaUELo

Wepawet analysis

Analysis Started: 2009-12-08 08:23:51
Report Generated: 2009-12-08 08:24:10
Jsand version: 1.03.02

Detection results

Jsand 1.03.02: benign
