Showing posts with label Vir-Trojan.SWF.HeapSpray.B. Show all posts

Tuesday, December 22, 2009

Dec. 22 Attack of the Day Trojan.SWF.HeapSpray.B 2010 Congressional, Political and Holiday Schedule from Council for a Livable World from jdsaacs@clw.org




Download infected schedule 2010.pdf (password-protected archive; please contact me if you need the password) - 4875fc26b1507b0f70770253c1bfd3a9



From: John Isaacs [mailto:jdsaacs@clw.org]
Sent: Tuesday, December 22, 2009 3:37 AM
To: "Undisclosed-Recipient:;"
Subject: 2010 Congressional, Political and Holiday Schedule from Council for a Livable World


    2010 Congressional, Political, Cultural and Holiday Schedule
    Items highlighted in yellow relate to Congress

    January

    Friday, Jan. 1: New Year’s Day (federal holiday)
    Tuesday, Jan. 5: Second session of Congress reconvenes in a pro forma session
    Thursday, Jan. 7: BCS college football championship game - Alabama vs. Texas
    Tuesday, Jan. 12: House reconvenes for legislative business
    Monday, Jan. 18: Martin Luther King, Jr. Day (federal holiday)
    Tuesday, Jan. 19: Senate reconvenes for legislative business
    Tuesday, Jan. 19: Mass. special Senate election - Martha Coakley (D) vs. Scott Brown (R)
    Late Jan.: President Obama’s State of the Union address

    February



Sunday, December 6, 2009

Dec. 6 PDF attack. What Can the U.S. Learn from China’s Energy Policy? from matthewgebert@yahoo.com Sun, 6 Dec 2009 06:56:40


Download infected attachments (password-protected archive; you will have to contact me for the password)




From: Matthew Gebert [mailto:matthewgebert@yahoo.com]
Sent: Sunday, December 06, 2009 9:57 AM
To: matthewgebert@yahoo.com
Subject: What Can the U.S. Learn from China’s Energy Policy?






The joke among China hands goes like this: If the Americans and the Chinese start talking about a major project today, in two years the Chinese will be done and the Americans will still be talking and applying for permits.
The message sender was matthewgebert@yahoo.com
The message was titled What Can the U.S. Learn from China’s Energy Policy?
The message date was Sun, 6 Dec 2009 06:56:40 -0800 (PST)
The message identifier was <133325.58274.qm@web113916.mail.gq1.yahoo.com>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12  build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Sun Dec  6 14:56:44 2009 Database version: 2009-12-05_02

attach/5963824_3X_PM5_EMS_MA-PDF__China=27s=2DEnergy=2DPolicy=2DAnalysis.pdf: Infected: Exploit.SWF.Agent.ci [AVP]
attach/5963824_4X_PM6_EMS_MA-PDF__WhatCantheU.S.LearnfromChina=27sEnergyPolicy.pdf: Infected: Exploit.JS.Pdfka.ajt [AVP]

Scan ended at Sun Dec  6 14:56:45 2009
5 files scanned
2 files infected



Monday, November 23, 2009

Nov. 23 PDF attack. The three undisclosed secret in President Obama Tours Asia Nov 23, 2009 11:23 AM from jenniferf.carlson@yahoo.com

Download the malicious PDF (password-protected archive; you will have to contact me for the password)
http://www.mediafire.com/?0ozfmnnegnh


The three undisclosed secret in President Obama Tours Asia

Sent: Mon 11/23/2009 11:23 AM
From: Jennifer F. Carlson [jenniferf.carlson@yahoo.com]

fyi.

The three undisclosed secret in President Obama Tours Asia.


The message sender was jenniferf.carlson@yahoo.com
The message originating IP was 68.142.206.162
The message recipients were ouruser@ourdomain.xxx
The message was titled The three undisclosed secret in President Obama Tours Asia
The message date was Mon, 23 Nov 2009 08:22:38 -0800 (PST)
The message identifier was <881116.55087.qm@web111811.mail.gq1.yahoo.com>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12  build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Mon Nov 23 16:22:42 2009 Database version: 2009-11-23_10

attach/5963917_3X_PM5_EMS_MA-PDF__ObamaAndAsia.pdf: Infected: Exploit.SWF.Agent.ci [AVP]



Virustotal analysis

File ObamaAndAsia.pdf received on 2009.11.25 06:39:38 (UTC)

Result: 5/41 (12.2%)

Antivirus    Version        Last Update  Result
BitDefender  7.2            2009.11.25   Trojan.SWF.HeapSpray.B
F-Secure     9.0.15370.0    2009.11.24   Trojan.SWF.HeapSpray.B
Kaspersky    7.0.0.125      2009.11.25   Exploit.SWF.Agent.ci
GData        19             2009.11.25   Trojan.SWF.HeapSpray.B
Sunbelt      3.2.1858.2     2009.11.25   Exploit.PDF-JS.Gen (v)

Friday, October 30, 2009

Oct-29 PDF attack. PART II -- North Korea - from georgeyork@mail.house.gov - 204.174.223.60 Thu, 29 Oct 2009 08:41:03 -

http://www.virustotal.com/analisis/37ac149b6dc8b377d481b8d5b3147039b2aecbfe834f300a97f8de14c2ae115b-1256922861

Dear Colleague,
Attached is the report on North Korea. Please let me know if you have any interest in this.
Regards,
George York
House Committee on Ways & Means
2170 Rayburn House Office Building
Tel: (202) 225-5021
Fax: (202) 225-2035

Antivirus    Version        Last Update  Result
Avast        4.8.1351.0     2009.10.29   PDF:Dropper-E
BitDefender  7.2            2009.10.30   Trojan.SWF.HeapSpray.B
DrWeb        5.0.0.12182    2009.10.30   Exploit.PDF.332
F-Secure     9.0.15370.0    2009.10.30   Trojan.SWF.HeapSpray.B
GData        19             2009.10.30   Trojan.SWF.HeapSpray.B
Microsoft    1.5202         2009.10.30   Exploit:Win32/Pidief.X

Additional information
File size: 417217 bytes
MD5:    56f0aee46d36bb43bed513172e39a38e
SHA1:   7cd8aaa246ce9e117827178a12ab0169f762fa0d
SHA256: 37ac149b6dc8b377d481b8d5b3147039b2aecbfe834f300a97f8de14c2ae115b
ssdeep: 768:MkcWFYRkrEPz7OAFzqJBEWcCm+BwQroYPu1PDjHE/rec+8N7zJv9lJtdRx7ssJpV:lcWM/3UBEFq8ieLjkJ+Ov9ldR/OcX

Thursday, October 15, 2009

Oct. 15, 2009 Attack of the Day. Trojan.Swifi /Trojan.SWF.HeapSpray.B / Exploit:Win32/Pidief.S 中共二炮部隊導彈之發展 The Development of Communist China's Second Artillery Corps Missile from F560123@ms13.hinet.net Thu 10/15/2009 10:50 PM


Download infected PDF 新型導彈技術發展.pdf (password-protected archive; please contact me if you need the password)


From: CHaiwang [mailto:F560123@ms13.hinet.net]
Sent: Thursday, October 15, 2009 10:50 PM
To:
Subject: The Development of Communist China's Second Artillery Corps Missile (中共二炮部隊導彈之發展)

Please see the attachment!!!!

Chinese Communist People's Liberation Army Research Institute
蔡萬助
2009/10/16

Note: To protect your computer against viruses, e-mail programs can prevent sending or receiving certain types of file attachments. Please check your e-mail security settings to determine how attachments are handled.

Virustotal results
http://www.virustotal.com/analisis/e13fa200c0b2ac9c9f2c722b261ca881a7bee277014ca6e85cff5db3941d6643-1261108031

File ________________________.pdf received on 2009.12.18 03:47:11 (UTC)
Result: 18/41 (43.90%)

Antivirus          Version        Last Update  Result
a-squared          4.5.0.43       2009.12.18   Exploit.Win32.Pidief!IK
AntiVir            7.9.1.114      2009.12.17   EXP/Pidief.ban
Antiy-AVL          2.0.3.7        2009.12.17   Exploit/Win32.Pidief
Authentium         5.2.0.5        2009.12.02   PDF/Expl.CG
Avast              4.8.1351.0     2009.12.18   PDF:Dropper-D
BitDefender        7.2            2009.12.18   Trojan.SWF.HeapSpray.B
ClamAV             0.94.1         2009.12.18   Exploit.PDF-247
Comodo             3279           2009.12.18   UnclassifiedMalware
eSafe              7.0.17.0       2009.12.16   Win32.Swifi
F-Secure           9.0.15370.0    2009.12.17   Exploit:W32/Pidief.JC
GData              19             2009.12.18   Trojan.SWF.HeapSpray.B
Ikarus             T3.1.1.79.0    2009.12.18   Exploit.Win32.Pidief
Kaspersky          7.0.0.125      2009.12.18   Exploit.Win32.Pidief.crd
McAfee-GW-Edition  6.8.5          2009.12.18   Exploit.Pidief.ban
Microsoft          1.5302         2009.12.18   Exploit:Win32/Pidief.S
Panda              10.0.2.2       2009.12.15   Exploit/Pdfka
PCTools            7.0.3.5        2009.12.18   Trojan.Swifi
Symantec           1.4.4.12       2009.12.18   Trojan.Swifi