Tuesday, December 15, 2009

Dec.13 Adobe 0 day CVE-2009-4324 PDF attack of the Day (#2) Interview Request from fureer.angelica@gmail.com Sun, 13 Dec 2009 14:13:46


Download "Outline of interview" infected pdf. (password protected archive. Contact me for the password. If you got the first verison of the adobe zero day of Fri, Dec 11, the password is the same) 
Note: A few people reported problems with unzipping the files - use 7Zip http://www.7-zip.org if you do. Please email the name of the file or provide a link when asking for a password.

New Adobe zero day exploit message (#2)  See #1 here
From: Fureer Angelica [mailto:fureer.angelica@gmail.com]
Sent: 2009-12-13 12:14 AM
To: XXXXXX
Subject: Interview Request


This is Fureer Angelica, diplomaic broadcaster for CNN in DC.
There's growing concern about the U.S.-North Korea bilateral talks.
So, we're planning an Interview about them.
Attached is the outline of the interview.


p.s. Detailed schedules will be followed soon if you accept the offer.

Messagelabs detects it easily
The message sender was
fureer.angelica@gmail.com

The message originating IP was 209.85.222.117 The message recipients were
XXX@XXX.XXX

The message was titled Interview Request The message date was Sun, 13 Dec 2009 14:13:46 +0900 The message identifier was <9c3b16360912122113s2a953d1dqfdb5a6ddb8f35c5a@mail.gmail.com>
The virus or unauthorised code identified in the email is:
Possible MalWare 'JS/PDFEncoded' found in
'5963838_1001X_PA3_APDF__pdf_obj_110_0.js'. Heuristics score: 651





Virustotal results.
http://www.virustotal.com/analisis/e72f47056bfc0c7638425e7ef3925cc2963acae761325fef2dfa6feb5cb37fa0-1260891775
File outline_of_interview.pdf received on 2009.12.15 15:48:16 (UTC)
Result: 8/41 (19.52%)
Antivirus Version Last Update Result

AntiVir 7.9.1.108 2009.12.15 HTML/Malicious.PDF.Gen
eSafe 7.0.17.0 2009.12.15 PDF.Exploit.4
Kaspersky 7.0.0.125 2009.12.15 Exploit.JS.Pdfka.atq
McAfee-GW-Edition 6.8.5 2009.12.15 Script.Malicious.PDF.Gen
Microsoft 1.5302 2009.12.15 Exploit:Win32/Pdfjsc.CO
NOD32 4690 2009.12.15 PDF/Exploit.Gen
PCTools 7.0.3.5 2009.12.15 Trojan.Pidief
Symantec 1.4.4.12 2009.12.15 Trojan.Pidief.H

Additional information
File size: 400918 bytes
MD5...: 35e8eeee2b94cbe87e3d3f843ec857f6
SHA1..: e95e78d95f05fe1e3775b5dd1f7b3fa391afa690
SHA256: cd508c488bb3b0234ff480cc455761f8003ea584c4ddcc6901f2f5eea66cd25a
ssdeep: 3072:prahGV6Bj8VE9sT6BpfneiL0jbupQ1S8ZTW5RxSDeF87OiE53a0WYtjdMJo
kl:pYBj8V7yaRSQTWX8Deu36SmxMJ3

No comments:

Post a Comment