Friday, March 5, 2010

Mar 4 CVE-2009-4324 PDF Earthquake Knowledge - Life Triangle from spoofed webqry@cwb.gov.tw 4 Mar 2010 08:37:03 -0000


Download F897470188AEC86A5E2E238D3628EEC5-ATT35300.pdf as a password-protected archive (contact me for the password if you need it)

Details F897470188AEC86A5E2E238D3628EEC5-ATT35300.pdf

The sender address is spoofed to look like it comes from the Central Weather Bureau
(http://www.cwb.gov.tw/eng/index.htm). Everything else is very predictable.


From: 曹啟泰 [mailto:webqry@cwb.gov.tw]
Sent: Thursday, March 04, 2010 3:35 AM
To: XXXXXXXXXXXXXX
Subject: Earthquake Knowledge - Life Triangle
----- Original Message -----
From: 吳建德
To:
Sent: 2010-03-04, 14:38:03
Subject: Earthquake Knowledge - Life Triangle
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Associate Professor 吳建德 (Chien-te Wu), Shu-Te University of Science and Technology
David Chien-te Wu, Associate Professor, Shu-te University
Address: No. 59, Hengshan Rd., Yanchao Township, Kaohsiung County 82445
Address: 59 Hun Shan Rd., Hun Shan Village, Yen Chau Kaohsiung County, Taiwan R.O.C.
TEL: 886-7-6158000 EXT. 4221
FAX: 886-7-6158000 EXT. 4299
E-mail: davidwu@stu.edu.tw
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

File ATT35300.pdf received on 2010.03.05 12:09:16 (UTC)
Result: 20/42 (47.62%)
a-squared    4.5.0.50    2010.03.05    Exploit.JS.Pdfka!IK
AhnLab-V3    5.0.0.2    2010.03.05    VBS/Pdfka
AntiVir    8.2.1.180    2010.03.05    EXP/Pidief.244965
Authentium    5.2.0.5    2010.03.05    PDF/Expl.FO
BitDefender    7.2    2010.03.05    Exploit.PDF-JS.Gen
CAT-QuickHeal    10.00    2010.03.05    Expoit.PDF.FlateDecode
DrWeb    5.0.1.12222    2010.03.05    Exploit.PDF.687
eTrust-Vet    35.2.7341    2010.03.05    PDF/Pidief.G!generic
F-Secure    9.0.15370.0    2010.03.05    Exploit.PDF-JS.Gen
GData    19    2010.03.05    Exploit.PDF-JS.Gen
Ikarus    T3.1.1.80.0    2010.03.05    Exploit.JS.Pdfka
Kaspersky    7.0.0.125    2010.03.05    Exploit.JS.Pdfka.adn
McAfee-GW-Edition    6.8.5    2010.03.05    Heuristic.BehavesLike.CodeExec.G
Microsoft    1.5502    2010.03.05    Exploit:JS/Heapspray
Norman    6.04.08    2010.03.05    JS/Shellcode.FL
nProtect    2009.1.8.0    2010.03.05    Exploit.PDF-JS.Gen.C02
PCTools    7.0.3.5    2010.03.04    HeurEngine.MaliciousExploit
Sophos    4.51.0    2010.03.05    Troj/PDFJs-GQ
Symantec    20091.2.0.41    2010.03.05    Bloodhound.Exploit.288
TrendMicro    9.120.0.1004    2010.03.05    TROJ_PDFKA.AK

Additional information
File size: 133717 bytes
MD5...: f897470188aec86a5e2e238d3628eec5

Headers
Received: (qmail 17973 invoked from network); 4 Mar 2010 08:37:03 -0000
Received: from msr18.hinet.net (HELO msr18.hinet.net) (168.95.4.118)
  by server-2.tower-200.messagelabs.com with SMTP; 4 Mar 2010 08:37:03 -0000
Received: from IBM-62979760B13 (61-218-117-75.HINET-IP.hinet.net [61.218.117.75])
    by msr18.hinet.net (8.9.3/8.9.3) with ESMTP id QAA27480
    for XXXXXXXXXXXXX; Thu, 4 Mar 2010 16:36:26 +0800 (CST)
Reply-To: webqry@cwb.gov.tw
From: "=?BIG5?B?seSx0q71?="
To: XXXXXXXXXXXXXXXXXXX
Subject: =?BIG5?B?pmG+X6q+w9Gh0KXNqVKkVKik?=
Date: Thu, 4 Mar 2010 16:35:15 +0800
Message-ID: 61.218.117.75>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_10030416284050076187603_000"
X-Priority: 3
X-Mailer: DreamMail 4.5.0.0

Sender
61-218-117-75.hinet-ip.hinet.net  a  61.218.117.75
Taiwan 61.218.0.0/16
AS9680
Hostname: 61-218-117-75.hinet-ip.hinet.net
ISP: CHTD, Chunghwa Telecom Co., Ltd. 
Organization: Air System Enterprise Co., Ltd.
Country: Taiwan  
State/Region: T'ai-wan
City: Taoyüan
Latitude: 24.9869
Longitude: 121.3056

Robtex graph
http://www.robtex.com/ip/61.218.117.75.html


Website on the same IP - www.airsystem.com.tw
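As an added example (not part of the original post), the Python script below walks the Received chain quoted above and shows why the CWB sender is not credible: the mail was submitted by a bare workstation name from 61.218.117.75, relayed through HiNet, and no hop belongs to cwb.gov.tw; it also decodes the BIG5 encoded Subject. The sample headers are constructed from the ones on this page; the address in the From line is an assumption restored from the quoted message body, since the page's header dump truncates it.

```python
import re
from email import message_from_string
from email.header import decode_header
# Constructed from the headers quoted in this post; recipients stay redacted and the From address,
# truncated in the page's header dump, is restored from the quoted message body (assumption).
RAW_HEADERS = """\
Received: (qmail 17973 invoked from network); 4 Mar 2010 08:37:03 -0000
Received: from msr18.hinet.net (HELO msr18.hinet.net) (168.95.4.118)
  by server-2.tower-200.messagelabs.com with SMTP; 4 Mar 2010 08:37:03 -0000
Received: from IBM-62979760B13 (61-218-117-75.HINET-IP.hinet.net [61.218.117.75])
    by msr18.hinet.net (8.9.3/8.9.3) with ESMTP id QAA27480
    for XXXXXXXXXXXXX; Thu, 4 Mar 2010 16:36:26 +0800 (CST)
Reply-To: webqry@cwb.gov.tw
From: "=?BIG5?B?seSx0q71?=" <webqry@cwb.gov.tw>
Subject: =?BIG5?B?pmG+X6q+w9Gh0KXNqVKkVKik?=
"""
HOP_RE = re.compile(r'^from (\S+) (.*?) by (\S+)', re.I)          # one Received hop
IPV4_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')
HOST_RE = re.compile(r'\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b', re.I)    # dotted host names

def decode_rfc2047(value):
    """Decode =?charset?B?...?= encoded words (BIG5 here) into a str."""
    return ''.join(c.decode(cs or 'ascii', 'replace') if isinstance(c, bytes) else c
                   for c, cs in decode_header(value))

def received_hops(msg):
    """Received hops oldest-first as (name the client gave, its IP, receiving relay)."""
    hops = []
    for raw in reversed(msg.get_all('Received', [])):   # headers are newest-first
        m = HOP_RE.match(' '.join(raw.split()))          # unfold continuation lines
        if m:                                            # local hops without 'from' are skipped
            name, extra, by = m.groups()
            ip = IPV4_RE.search(extra)
            hops.append((name, ip.group() if ip else None, by))
    return hops

def analyze(raw=RAW_HEADERS):
    """Check whether the domain the From address claims appears anywhere in the relay path."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    claimed = re.search(r'@([\w.-]+)', msg['From']).group(1).lower()
    path_hosts = {h.lower() for r in msg.get_all('Received', []) for h in HOST_RE.findall(r)
                  if not IPV4_RE.fullmatch(h)}           # client, its reverse DNS, each relay
    findings = []
    if not any(h == claimed or h.endswith('.' + claimed) for h in path_hosts):
        findings.append(f'From claims {claimed}, but no host in the Received chain belongs to it')
    if '.' not in hops[0][0]:   # bare NetBIOS-style name: a workstation, not a mail server
        findings.append(f'submitted by unqualified host {hops[0][0]!r} from {hops[0][1]}')
    return {'claimed_domain': claimed, 'origin_name': hops[0][0], 'origin_ip': hops[0][1],
            'relay_path': [hop[2] for hop in hops], 'subject': decode_rfc2047(msg['Subject']), 'findings': findings}
```

The same check applies to any mail whose From domain differs from every relay that handled it; a legitimate CWB notice would show a cwb.gov.tw host as the first hop.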