Tuesday, January 5, 2010

Jan. 5 CVE-2009-4324 Adobe 0 Day [NYTimes.com]Large Oil Spill Reported in China from nytimes2010@hotmail.com Tue, 5 Jan 2010 04:58:37 +0000



Download CVE-2009-4324 samples (Password-protected archives. Use the same password you used on the samples above or contact me for the password)





The message sender was
    nytimes2010@hotmail.com
The message originating IP was 65.55.34.86
The message recipients were
    XXXX@XXXXX.XXX
The message was titled [NYTimes.com]Large Oil Spill Reported in China
The message date was Tue, 5 Jan 2010 04:58:37 +0000
The message identifier was
The virus or unauthorised code identified in the email is:
Bloodhound.Exploit.288

 




From: TYTimes News [mailto:nytimes2010@hotmail.com]
Sent: Monday, January 04, 2010 11:07 PM
To: XXXXX@XXXX.XXX
Subject: [NYTimes.com]Large Oil Spill Reported in China


By DAVID BARBOZA
Published: January 5, 2010

SHANGHAI — A large oil spill in northwest China has heavily polluted a tributary of the Yellow River, and threatens to reach one of the country’s longest and most important sources of water.

China’s state-run news media said late Saturday that a “large amount” of diesel oil had leaked out of a pipeline last Thursday in Shaanxi Province.

...... 
•   NYTIMES.COM
•  For general help questions, please send us an e-mail using this form.
•  Comments or feedback about our Web site? Please send us an e-mail using this form.
•  For a possible correction, or to reach the Web site's editorial staff, you can send an e-mail.
•  For questions about posting comments on the site, there is an FAQ.
•  To reach Martin Nisenholtz, the Sr. V.P. of Digital Operations, you can send an e-mail.

________________________________________
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.


Headers:
Received: from COL121-W20 ([65.55.34.72]) by col0-omc2-s2.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
     Mon, 4 Jan 2010 20:06:52 -0800
Message-ID:
Return-Path: nytimes2010@hotmail.com
Content-Type: multipart/mixed;
    boundary="_317eba42-29a2-4d57-90e4-2a410f9bfc32_"
X-Originating-IP: [211.186.243.21]
From: TYTimes News
To: XXXXXXXXXXXXXXXXXXX
Subject: [NYTimes.com]Large Oil Spill Reported in China
Date: Tue, 5 Jan 2010 04:06:52 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 05 Jan 2010 04:06:52.0743 (UTC) FILETIME=[832A3570:01CA8DBC]


Hostname: 211.186.243.21
ISP: KRNIC
Organization: Hanaro Telecom, Inc.
Country: Korea, Republic of  
City: Seoul


Virustotal
http://www.virustotal.com/analisis/d474cb176a75ed022bf417ebe648ac04a2df7cb217601d11faa868b6a311db89-1262671629
File Large_Oil_Spill_Reported_in_China received on 2010.01.05 06:07:09 (UTC)
Result: 8/41 (19.52%)
AhnLab-V3    5.0.0.2    2010.01.05    PDF/CVE-2009-4324
BitDefender    7.2    2010.01.05    Exploit.PDF-JS.Gen
F-Secure    9.0.15370.0    2010.01.05    Exploit.PDF-JS.Gen
GData    19    2010.01.05    Exploit.PDF-JS.Gen
Kaspersky    7.0.0.125    2010.01.05    Exploit.JS.Pdfka.ayb
Sophos    4.49.0    2010.01.05    Troj/PDFJs-B
Symantec    20091.2.0.41    2010.01.05    Bloodhound.Exploit.288
TrendMicro    9.120.0.1004    2010.01.05    TROJ_PIDIEF.SMC
Additional information
File size: 952205 bytes
MD5...: 490be4598299ca1dc27e9a04351c22ba



Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=490be4598299ca1dc27e9a04351c22ba&type=js

File    Large Oil Spill Reported in China.pdf
MD5    490be4598299ca1dc27e9a04351c22ba
Analysis Started    2010-01-04 22:40:28
Report Generated    2010-01-04 22:40:33
Jsand 1.03.02    malicious
doc.media.newPlayer    Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2    CVE-2009-4324

