Wednesday, February 3, 2010

Feb. 3 CVE-2009-4324 Maritime Disputes in East Asia from wozniak@yahoo.com 03 Feb 2010 05:19:02 PST


Download 1f2cc9238129512c6f118ffdfec79189 - East China Sea 2010-1.pdf as a password-protected archive (please contact me if you need the password)

Details: 1f2cc9238129512c6f118ffdfec79189 -  East China Sea 2010-1.pdf

From: Natalie S. Wozniak [mailto:natalies.wozniak@yahoo.com]
Sent: Wednesday, February 03, 2010 8:56 AM
Subject: Maritime Disputes in East Asia

Colleague,

I was able to secure permission to forward you the attached CRS report on Maritime Disputes in East Asia; it just came out today. They intentionally kept it a short report, in hopes that it would increase its readership.

Please share with your colleagues. Also, please share their comments, observations and questions.

Best,

Natalie

Headers
Message-ID: <242520.45817.qm@web114111.mail.gq1.yahoo.com>
 ....
Received: from [69.197.151.114] by web114111.mail.gq1.yahoo.com via HTTP; Wed, 03 Feb 2010 05:19:02 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Wed, 3 Feb 2010 05:19:02 -0800 (PST)
From: "Natalie S. Wozniak"
Subject: Maritime Disputes in East Asia
To: XXXXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-410636181-1265203142=:45817"
  

Lookup IP Address: 69.197.151.114
General Information
Hostname: server.gvd.tw
ISP: WholeSale Internet
Organization: Max Dmitry
Country: United States  
State/Region: MO
City: Kansas City

Virustotal
File East_China_Sea_2010-1.pdf received on 2010.02.08 06:49:37 (UTC)
http://www.virustotal.com/analisis/9c60d1c79ddcbc446c41fbc523e8818ace5624dbbe38a9fa6da092f2a582a498-1265611777
Result: 9/40 (22.5%)
Avast    4.8.1351.0    2010.02.08    JS:Pdfka-WP
GData    19    2010.02.08    JS:Pdfka-WP
Microsoft    1.5406    2010.02.07    Exploit:Win32/Pdfjsc.CW
NOD32    4846    2010.02.08    JS/Exploit.Pdfka.NPK
nProtect    2009.1.8.0    2010.02.08    Exploit.PDF-JS.Gen.C02
PCTools    7.0.3.5    2010.02.08    Trojan.Pidief
Sophos    4.50.0    2010.02.08    Troj/PDFJs-B
Sunbelt    3.2.1858.2    2010.02.07    Exploit.PDF-JS.Gen (v)
TrendMicro    9.120.0.1004    2010.02.08    TROJ_PDFEX.E
File size: 60110 bytes
MD5...: 1f2cc9238129512c6f118ffdfec79189
SHA1..: 31d658a871d3974c55ec310742ad7a07310bd0ba

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=1f2cc9238129512c6f118ffdfec79189&type=js
Analysis report for East China Sea 2010-1.pdf
File    East China Sea 2010-1.pdf
MD5    1f2cc9238129512c6f118ffdfec79189
Analysis Started    2010-02-07 22:52:43
Report Generated    2010-02-07 22:52:47
Jsand 1.03.02    benign

ViCheck.ca
PDF Exploit call to media.newPlayer CVE-2009-4324

Malware traffic to:
Hostname:      218.159.55.30
ISP:           Korea Telecom
Organization:  Korea Telecom
Country:       Korea, Republic of
State/Region:  11
City:          Seoul

Quite a few domains are hosted on that IP address (from robtex.com).

File shellcode.exe_ received on 2010.02.08 07:00:13 (UTC)
Result: 10/40 (25.00%)
AVG     9.0.0.730     2010.02.07     Agent_r.OV
CAT-QuickHeal     10.00     2010.02.08     Trojan.Agent.ATV
Jiangmin     13.0.900     2010.02.08     Trojan/Agent.ckpb
Kaspersky     7.0.0.125     2010.02.08     Trojan-Downloader.Win32.Small.aolo
McAfee     5885     2010.02.07     Generic Downloader.fa
McAfee+Artemis     5885     2010.02.07     Generic Downloader.fa
McAfee-GW-Edition     6.8.5     2010.02.07     Heuristic.BehavesLike.Win32.Downloader.T
Microsoft     1.5406     2010.02.07     TrojanDownloader:Win32/Sileco.A
TheHacker     6.5.1.1.183     2010.02.08     Trojan/Downloader.Small.aolo
TrendMicro     9.120.0.1004     2010.02.08     PAK_Generic.001

I am posting the picture as the script causes antivirus panic. Apologies if this happened to you.
