Friday, January 15, 2010

Jan15 CVE-2009-4324 USEUCOM Intelligence Summit from mjamureli@yahoo.com 15 Jan 2010 00:47:09 PST


Here is a fake, trojan-laden PDF about the United States European Command Intelligence Summit.


Download Agenda.pdf as c3079303562d4672d6c3810f91235d9b-Agenda.zip (Password protected, please contact me if you need it)

Details: c3079303562d4672d6c3810f91235d9b - Agenda.pdf 




From: Malkhaz Jamureli [mailto:mjamureli@yahoo.com]
Sent: 2010-01-15 3:47 AM
Subject: Fw: USEUCOM Intelligence Summit

ALCON,
    
The USEUCOM Intelligence Summit, taking place February 15-17, 2010 in Heidelberg, Germany
   
The theme for the summit is: “Building Partnerships-Linking Nations” and it will bring together working staff-level US and European mission partner capability planners, program managers, intelligence producers, end-users, and subject matter experts from government, military, law enforcement, academia, private sector, and leading edge technology organizations to discuss and determine ways to improve Intelligence-Sharing and Collaboration capabilities that address common challenges in the Regional and International Security Environment.
   
Conference Objectives
--  Discuss common US-European security challenges where increased intelligence-sharing and collaboration are needed
--  Highlight US and European Partner intelligence-sharing and collaboration capabilities, programs, and technologies
--  Demonstrate enabling concepts, technologies, business processes, and best practices available from US and European mission partners,  academia, private sector, and industry.
--  Identify initiatives, establish relationships, and create opportunities to improve development and delivery of intelligence-sharing and collaboration architectures and systems capabilities in the near to mid-term.
  
    
MAJ Malkhaz Jamureli
Defense, Military, Naval and Air Attache
Embassy of Georgia
2209 Massachusetts Ave., NW
Washington, DC 20008
Comm: 202-387-2580
FAX:   202-387-2581



Header
Received: from [83.98.144.90] by web33101.mail.mud.yahoo.com via HTTP; Fri, 15 Jan 2010 00:47:09 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Fri, 15 Jan 2010 00:47:09 -0800 (PST)
From: Malkhaz Jamureli
Subject: Fw:USEUCOM Intelligence Summit
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1030923004-1263545229=:52502"


Hostname:        83.98.144.90
ISP:             Reasonnet IP Networks B.V.
Organization:    Novinet colocated servers
Proxy:           Confirmed proxy server.
Country:         Netherlands
State/Region:    07
City:            Amsterdam
Latitude:        52.35
Longitude:       4.9167


try{this.media.newPlayer(null);}
catch(e){}
util.printd(str0,new Date());}
------------------


Virustotal
File Agenda.pdf received on 2010.01.15 16:14:51 (UTC)
http://www.virustotal.com/analisis/57f59064b25f6f4fc3d564fdf84bd19cf4dacb09987cd9c16cf39768d8d3581e-1263572091
Result: 4/41 (9.76%)
a-squared 4.5.0.50 2010.01.15 Exploit.JS.Pdfka!IK
Ikarus T3.1.1.80.0 2010.01.15 Exploit.JS.Pdfka
McAfee-GW-Edition 6.8.5 2010.01.15 Heuristic.BehavesLike.PDF.Shellcode.Z
Sophos 4.49.0 2010.01.15 Troj/PDFJs-GQ
Additional information
File size: 123812 bytes
MD5...: c3079303562d4672d6c3810f91235d9b


Wepawet
http://wepawet.iseclab.org/view.php?hash=c3079303562d4672d6c3810f91235d9b&type=js
File Agenda.pdf
MD5 c3079303562d4672d6c3810f91235d9b
Analysis Started 2010-01-15 08:35:26
Report Generated 2010-01-15 08:35:27
Jsand 1.03.02 benign

Update January 17, 2010
Report kindly offered by ViCheck.ca

https://www.vicheck.ca/md5query.php?hash=c3079303562d4672d6c3810f91235d9b
Exploit: pdfexploit - PDF Obfuscated Exploit call to media.newPlayer CVE-2009-4324 found @349.
