
Wednesday, April 7, 2010

Apr 7 CVE-2009-4324 PDF Fwd: Matrix Report --- Earthquake from spoofed UlmanW@state.gov to fake ZaringNS@nasa.gov

 Download infected 82a7c8fdacca91b1bd0fdc2407674f50 matrix_report.pdf as a password protected archive (please contact me if you need the password)

Details 82a7c8fdacca91b1bd0fdc2407674f50 matrix_report.pdf

 From: Ulman, Wayne (FSI) [mailto:UlmanW@state.gov]
Sent: Wednesday, April 07, 2010 2:08 PM
To: ZaringNS@nasa.gov
Subject: Fwd: Matrix Report --- Earthquake

It's incredible!

------Original Message------
From: "Amanda DJ"
Sent: Wednesday, Apr 7, 2010 10:22 AM
To: Ulman, Wayne (FSI); "Wilson Curran"
Subject: Matrix Report --- Earthquake


2012 is coming!
It's ture!

PlS see Attachment: Matrix_Report.pdf
Sichuan Wenchuan Earthquake  5.12    (May. 12th)
Haiti Earthquake  1.12   (Jan. 12th)
Chile  Earthquake   2.27   (Feb. 27th)

Matrix:Horizontal = Vertical

5 1 2
1 1 2
2 2 7


http://www.virustotal.com/analisis/4232d5576e53f24d156894c9563ca9649f46459b495fc93abdd2e1542d466512-1270728059
File matrix_report.pdf received on 2010.04.08 12:00:59 (UTC)
Result: 14/39 (35.9%)

Antivirus    Version    Last update    Result
a-squared    4.5.0.50    2010.04.08    Exploit.Win32.Pidief!IK
Authentium    5.2.0.5    2010.04.08    PDF/Obfusc.M!Camelot
Avast    4.8.1351.0    2010.04.08    JS:Pdfka-WJ
Avast5    5.0.332.0    2010.04.08    JS:Pdfka-WJ
AVG    9.0.0.787    2010.04.08    Script/Exploit
BitDefender    7.2    2010.04.08    Exploit.PDF-JS.Gen
F-Secure    9.0.15370.0    2010.04.08    Exploit.PDF-JS.Gen
GData    19    2010.04.08    Exploit.PDF-JS.Gen
Ikarus    T3.1.1.80.0    2010.04.08    Exploit.Win32.Pidief
McAfee-GW-Edition    6.8.5    2010.04.08    Heuristic.BehavesLike.CodeExec.T
nProtect    2009.1.8.0    2010.04.06    Exploit.PDF-JS.Gen
Sophos    4.52.0    2010.04.08    Troj/PDFJs-FM
Sunbelt    6151    2010.04.08    Exploit.PDF-JS.Gen (v)
TrendMicro    9.120.0.1004    2010.04.08    Expl_ShellCodeSM

Additional information
File size: 187768 bytes
MD5...: 82a7c8fdacca91b1bd0fdc2407674f50

Headers
Received: from unknown (HELO SERVER) (202.29.94.204)
  by XXXXXXXXXX with SMTP; 7 Apr 2010 18:18:49 -0000
Message-ID:
From: "Ulman, Wayne \(FSI\)"
To:
Subject: Fwd: Matrix Report --- Earthquake
Date: Thu, 8 Apr 2010 01:08:03 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_01CAD6B7.F0981B60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.3959
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4133


Hostname:    202.29.94.204
ISP:    UniNet(Inter-university network)
Organization:    UniNet(Inter-university network)
Country:    Thailand
State/Region:    Krung Thep
City:    Bangkok

[whois.apnic.net node-3]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 202.28.0.0 - 202.29.255.255
netname: THAINET-TH
descr: UniNet(Inter-university network)
descr: Office of Information Technology Administration
descr: for Educational Development
descr: Ministry of University Affairs
country: TH
admin-c: YT7
admin-c: UV1-AP
tech-c: UNOC1-AP
remarks: UniNet is the outgrowth of THAINET
notify: noc-uninet@it.chula.ac.th
notify: noc@uni.net.th
mnt-by: APNIC-HM
mnt-lower: MAINT-TH-UNINET
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20041210
source: APNIC

