Showing posts with label vir-Exploit.JS.Pdfka.bex. Show all posts

Thursday, January 21, 2010

Jan 21 CVE-2009-4324 Cyber Warfare and Cyber Terrorism from riroth5@gmail.com 2010-01-21 9:44 AM


Download CB92CEFF7D73C3EC002CD42165685AA1 - Cyber Warfare and Cyber Terrorism.pdf as a password protected archive (please contact me for the password)






From: XXXXXXX
[mailto:riroth5@gmail.com]
Sent: 2010-01-21 9:44 AM
To: isabelhilton@mac.com
Subject: Cyber Warfare and Cyber Terrorism

Dear Initiative Working Group member,

We hope that you find this report thought-provoking, and look forward to receiving your comments at any time. We also
apologize if you have already received this report.

Hope it will be help for your work and also your suggestions will be appreciated.

Best regards,

XXXXX XXXXX


Director, Initiative for U.S.-China Cooperation on Energy and Climate
Asia Society, Center for U.S.-China Relations
1575 Eye St., NW, Suite 325
Washington, D.C., 20005
Phone: (202) 414-2802 (o); (571) 276-1020 (m)
Web: www.asiasociety.org 


VirusTotal
http://www.virustotal.com/analisis/e72b949e21ba9743b139b0df211b3bd869d07f82bd35f4294e19e95f55d062e0-1264096140
File Cyber_Warfare_and_Cyber_Terrorism received on 2010.01.21 17:49:00 (UTC)
Result: 8/41 (19.51%)
Antivirus Version Last Update Result
AntiVir 7.9.1.146 2010.01.21 HTML/Malicious.PDF.Gen
Avast 4.8.1351.0 2010.01.21 JS:Pdfka-VO
AVG 9.0.0.730 2010.01.21 Script/Exploit
GData 19 2010.01.21 JS:Pdfka-VO 
Kaspersky 7.0.0.125 2010.01.21 Exploit.JS.Pdfka.bex
McAfee 5867 2010.01.20 Exploit-PDF.b.gen
McAfee+Artemis 5867 2010.01.20 Exploit-PDF.b.gen
McAfee-GW-Edition 6.8.5 2010.01.21 Script.Malicious.PDF.Gen
File size: 435947 bytes
MD5   : cb92ceff7d73c3ec002cd42165685aa1




Jan.20 CVE-2009-4324 Road Map for Asian-Pacific Security from spoofed gjschmit@aei.org 20 Jan 2010 15:13:10 -0000


Attack of the clones. Here is the third one with the same MD5 hash (238ecf8c0aee8bfd216cf3cad5d82448) as
Jan 20 CVE-2009-4324 Chinese cyberattack from spoofed xxxxx@gwu.edu 20 Jan 2010 14:26:00 -0000 and
Jan 19 CVE-2009-4324 Obama's First Year in Foreign Policy [Redacted]@thealbrightgroupllc.com

Same sender IP address (222.95.43.226, see the headers below) as in Jan 20 CVE-2009-4324 Chinese cyberattack from spoofed xxxxxxxx@gwu.edu 20 Jan 2010 14:26:00 -0000


Download 238ECF8C0AEE8BFD216CF3CAD5D82448 - Road Map for Asian-Pacific Security.pdf as a password protected archive (please contact me for the password if you need it)



From: Schmitt, Gary J. [mailto:gjschmit@aei.org]
Sent: Wednesday, January 20, 2010 10:13 AM
To: "Undisclosed-Recipient:;"
Subject: Road Map for Asian-Pacific Security

Colleagues,

This is the second of two Outlooks on the Obama administration's foreign policy approach to Asia. Neither the Clinton nor Bush administrations took full advantage of the growing impetus among the states of the Asia-Pacific region to work through multilateral forums. The Obama administration appears to be following the same pattern. Today a hodgepodge of institutions and forums exists in Asia, but none of them addresses the strategic needs of the region. The United States needs to find ways to maximize its influence through new regionwide forums and institutional arrangements. A two-tiered multilateral approach could benefit the nations in the region and the United States.

Please see the attached for more information.

Hope it will be help for your work and also your suggestions will be appreciated.

Best,

Gary


Headers
Received: (qmail 15802 invoked from network); 20 Jan 2010 15:13:10 -0000
Received: from sideq03.attnet.ne.jp (HELO sideq03.attnet.ne.jp) (165.76.72.13)
  by XXXXXXXXXXXXXXXXXXX
Received: by sideq03.attnet.ne.jp (8.12.11/ver5(11/20/06)) id o0KFD71C016512; Thu, 21 Jan 2010 00:13:07 +0900
Received: from virus01.attnet.ne.jp (virus01 [10.10.13.21])
    by purify-out01.attnet.ne.jp (Postfix) with ESMTP id DD9C733643
    for xxxxxxxxxxxxxxx; Thu, 21 Jan 2010 00:13:07 +0900 (JST)
Received: from purify02.attnet.ne.jp (purify.attnet.ne.jp [165.76.8.44])
    by virus01.attnet.ne.jp (Postfix) with ESMTP id 9201F3A209
    for XXXXXXXXXXXXXXXX; Thu, 21 Jan 2010 00:13:07 +0900 (JST)
Received: from jhc.co.jp (www.jhc.co.jp [202.211.150.106])
    by purify02.attnet.ne.jp (Postfix) with SMTP id 1C96A32E27
    for XXXXXXXXXXXXXXX; Thu, 21 Jan 2010 00:13:02 +0900 (JST)
Received: (qmail 21106 invoked from network); 21 Jan 2010 00:12:56 +0900
Received: from unknown (HELO 3me8de026f8d12) (opepek@222.95.43.226)
  by www.jhc.co.jp with SMTP; 21 Jan 2010 00:12:56 +0900
Message-ID: <3BB0641226EF4F6A9F46A0CFE30A784D@3me8de026f8d12>
From: "Schmitt, Gary J."
To: <"Undisclosed-Recipient:;">
Subject: Road Map for Asian-Pacific Security
Date: Wed, 20 Jan 2010 10:12:54 -0500
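Reading the chain above from the bottom up: the message entered www.jhc.co.jp from 222.95.43.226 with a HELO of 3me8de026f8d12 and no reverse DNS, nothing in the path touches aei.org, and the Message-ID was minted on that same HELO host. The Python below is an added example, not part of the original post: it automates that reading over the header block as reproduced here (with the From: address taken from the post's own From: line). The function names are mine.

```python
import re

# Constructed input for this example: the Received chain of the "Road Map for
# Asian-Pacific Security" message as reproduced in the post (redactions kept);
# the From: address is the one shown in the post's own From: line.
SAMPLE_HEADERS = """\
Received: (qmail 15802 invoked from network); 20 Jan 2010 15:13:10 -0000
Received: from sideq03.attnet.ne.jp (HELO sideq03.attnet.ne.jp) (165.76.72.13)
  by XXXXXXXXXXXXXXXXXXX
Received: by sideq03.attnet.ne.jp (8.12.11/ver5(11/20/06)) id o0KFD71C016512; Thu, 21 Jan 2010 00:13:07 +0900
Received: from virus01.attnet.ne.jp (virus01 [10.10.13.21])
    by purify-out01.attnet.ne.jp (Postfix) with ESMTP id DD9C733643
    for xxxxxxxxxxxxxxx; Thu, 21 Jan 2010 00:13:07 +0900 (JST)
Received: from purify02.attnet.ne.jp (purify.attnet.ne.jp [165.76.8.44])
    by virus01.attnet.ne.jp (Postfix) with ESMTP id 9201F3A209
    for XXXXXXXXXXXXXXXX; Thu, 21 Jan 2010 00:13:07 +0900 (JST)
Received: from jhc.co.jp (www.jhc.co.jp [202.211.150.106])
    by purify02.attnet.ne.jp (Postfix) with SMTP id 1C96A32E27
    for XXXXXXXXXXXXXXX; Thu, 21 Jan 2010 00:13:02 +0900 (JST)
Received: (qmail 21106 invoked from network); 21 Jan 2010 00:12:56 +0900
Received: from unknown (HELO 3me8de026f8d12) (opepek@222.95.43.226)
  by www.jhc.co.jp with SMTP; 21 Jan 2010 00:12:56 +0900
Message-ID: <3BB0641226EF4F6A9F46A0CFE30A784D@3me8de026f8d12>
From: "Schmitt, Gary J." <gjschmit@aei.org>
To: <"Undisclosed-Recipient:;">
Subject: Road Map for Asian-Pacific Security
Date: Wed, 20 Jan 2010 10:12:54 -0500
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO = re.compile(r"\(HELO\s+([^\s)]+)\)", re.I)
FROM_HOST = re.compile(r"^Received:\s+from\s+(\S+)", re.I)
BY_HOST = re.compile(r"\bby\s+(\S+)", re.I)

def unfold_headers(raw):
    """Join folded continuation lines (leading whitespace) onto their header line."""
    lines = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines

def header_value(lines, name):
    """Value of the first header called `name`, or None."""
    prefix = name.lower() + ":"
    hits = [ln[len(prefix):].strip() for ln in lines if ln.lower().startswith(prefix)]
    return hits[0] if hits else None

def host_after_at(value):
    """Domain part of an address or Message-ID, lower-cased, or None."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else None

def in_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def parse_received(lines):
    """One dict per Received: header, in header order (newest hop first)."""
    hops = []
    for line in lines:
        if not line.lower().startswith("received:"):
            continue
        m_from, m_by, m_helo = FROM_HOST.match(line), BY_HOST.search(line), HELO.search(line)
        ips = IPV4.findall(line)
        hops.append({"from": m_from.group(1) if m_from else None,
                     "helo": m_helo.group(1) if m_helo else None,
                     "ip": ips[0] if ips else None,
                     "by": m_by.group(1) if m_by else None})
    return hops

def spoof_indicators(raw):
    """Find the injecting hop (the last Received: with a 'from') and test it
    against the From: and Message-ID domains, which a spoofer sets freely."""
    lines = unfold_headers(raw)
    hops = parse_received(lines)
    origin = next((h for h in reversed(hops) if h["from"]), None)
    domain = host_after_at(header_value(lines, "From"))
    msgid_host = host_after_at(header_value(lines, "Message-ID"))
    indicators = []
    if origin and domain:
        if not any(in_domain(origin[k], domain) for k in ("from", "helo", "by")):
            indicators.append("injecting hop %s (HELO %s) is not in the From: domain %s"
                              % (origin["ip"], origin["helo"], domain))
        if origin["from"] == "unknown":
            indicators.append("injecting host has no reverse DNS")
        if origin["helo"] and "." not in origin["helo"]:
            indicators.append("HELO is a bare machine name, not a FQDN")
    if msgid_host and domain and not in_domain(msgid_host, domain):
        indicators.append("Message-ID host does not match the From: domain")
    if msgid_host and origin and msgid_host == (origin["helo"] or "").lower():
        indicators.append("Message-ID was generated on the HELO host itself")
    return {"hop_count": len(hops),
            "origin_ip": origin["ip"] if origin else None,
            "origin_helo": origin["helo"] if origin else None,
            "from_domain": domain,
            "indicators": indicators}
```

Only the top Received: line, added by the recipient's own server, is trustworthy; every line below it could have been written by the sender. Here the chain is internally consistent (attnet.ne.jp accepted from www.jhc.co.jp, which accepted from 222.95.43.226), and the same injecting IP and HELO name appear in the headers of the "Chinese cyberattack" message further down this page, which ties the lures together beyond the shared MD5.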




Indeed. See Jan 20 CVE-2009-4324 Chinese cyberattack from spoofed shambaugd@gwu.edu 20 Jan 2010 14:26:00 -0000 and Jan 19 CVE-2009-4324 Obama's First Year in Foreign Policy [Redacted]@thealbrightgroupllc.com

VirusTotal (same file, scanned as Chinese_cyberattack.pdf) received on 2010.01.20 17:32:16 (UTC)
Result: 12/41 (29.27%)
MD5: 238ecf8c0aee8bfd216cf3cad5d82448
http://www.virustotal.com/analisis/b1f01fe0908772cfd1224a9645c9abb270b98a95d4cf83418eeb7188099607dd-1264008736


File Road_Map_for_Asian-Pacific_Securi received on 2010.01.21 12:47:33 (UTC)
Result: 12/40 (30%)
Antivirus     Version     Last Update     Result
a-squared    4.5.0.50    2010.01.21    Exploit.PDF-JS!IK
AntiVir    7.9.1.146    2010.01.21    HTML/Malicious.PDF.Gen
Avast    4.8.1351.0    2010.01.21    JS:Pdfka-VO
AVG    9.0.0.730    2010.01.21    Script/Exploit
BitDefender    7.2    2010.01.21    Trojan.Script.256073
F-Secure    9.0.15370.0    2010.01.21    Exploit:W32/Pidief.CKZ
GData    19    2010.01.21    Trojan.Script.256073
Ikarus    T3.1.1.80.0    2010.01.21    Exploit.PDF-JS
Kaspersky    7.0.0.125    2010.01.21    Exploit.JS.Pdfka.bex
McAfee    5867    2010.01.20    Exploit-PDF.b.gen
McAfee+Artemis    5867    2010.01.20    Exploit-PDF.b.gen
McAfee-GW-Edition    6.8.5    2010.01.21    Script.Malicious.PDF.Gen

File size: 435947 bytes
MD5...: 238ecf8c0aee8bfd216cf3cad5d82448



Wednesday, January 20, 2010

Jan 20 CVE-2009-4324 Chinese cyberattack from spoofed XXXXXXXXXX@gwu.edu 20 Jan 2010 14:26:00 -0000

This is my favorite of all time; they have some nerve. I know George Washington University has not moved to China yet. Plus, we already received his file yesterday.

Update Jan 21. F-Secure analysts reported that this PDF attachment (or an identical file they obtained) drops Acrobat.exe (MD5: 72170fc42ae1ca8a838843a55e293435), which is detected as W32/PoisonIvy.NQ, i.e. the Poison Ivy RAT.



Download 238ecf8c0aee8bfd216cf3cad5d82448 - Chinese_cyberattack.pdf as password protected archive (please contact me if you need the password)



From: XXXXXXX [mailto: XXXX@gwu.edu]
Sent: 2010-01-20 9:26 AM
To: "Undisclosed-Recipient:;"
Subject: Chinese cyberattack

Colleagues,

Attached is a short piece I just wrote for the Far Eastern Economic Review about Chinese cyberattack. I hope you find it interesting.

If you have any good idea / comments,  are warmly welcome to feedback.

Best,

David




Received: (qmail 4722 invoked from network); 20 Jan 2010 14:26:00 -0000
Received: from sideq01.attnet.ne.jp (HELO sideq01.attnet.ne.jp) (165.76.72.11)
  by XXXXXXXXXXXXXXXXX
Received: by sideq01.attnet.ne.jp (8.12.11/ver5(11/20/06)) id o0KEPwZv027218; Wed, 20 Jan 2010 23:25:58 +0900
Received: from virus05.attnet.ne.jp (virus05 [10.10.13.25])
    by purify-out01.attnet.ne.jp (Postfix) with ESMTP id 127D333642
    for XXXXXXXXXXXXX; Wed, 20 Jan 2010 23:25:58 +0900 (JST)
Received: from purify05.attnet.ne.jp (purify.attnet.ne.jp [165.76.8.44])
    by virus05.attnet.ne.jp (Postfix) with ESMTP id A7F8635C46
    for XXXXXXXXXXXXXXX; Wed, 20 Jan 2010 23:25:57 +0900 (JST)
Received: from jhc.co.jp (www.jhc.co.jp [202.211.150.106])
    by purify05.attnet.ne.jp (Postfix) with SMTP id 09AF434002
    for XXXXXXXXXXXXXXXX; Wed, 20 Jan 2010 23:25:52 +0900 (JST)
Received: (qmail 11732 invoked from network); 20 Jan 2010 23:25:46 +0900
Received: from unknown (HELO 3me8de026f8d12) (opepek@222.95.43.226)
  by www.jhc.co.jp with SMTP; 20 Jan 2010 23:25:46 +0900
Message-ID:
From: "Shambaugh, David"
To: <"Undisclosed-Recipient:;">
Subject: Chinese cyberattack
Date: Wed, 20 Jan 2010 15:25:45 +0100

Hostname: 222.95.43.226
ISP: CHINANET jiangsu province network
Organization: CHINANET jiangsu province network
Proxy: None detected
Type: Cable/DSL
Country: China  
City: Nanjing


VirusTotal
File has already been analyzed: http://www.virustotal.com/analisis/b1f01fe0908772cfd1224a9645c9abb270b98a95d4cf83418eeb7188099607dd-1263958772
Rescan: http://www.virustotal.com/analisis/b1f01fe0908772cfd1224a9645c9abb270b98a95d4cf83418eeb7188099607dd-1264008736
File Chinese_cyberattack.pdf received on 2010.01.20 17:32:16 (UTC)
Result: 12/41 (29.27%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.20 Exploit.PDF-JS!IK
AntiVir 7.9.1.146 2010.01.20 HTML/Malicious.PDF.Gen
Avast 4.8.1351.0 2010.01.20 JS:Pdfka-VO
AVG 9.0.0.730 2010.01.19 Script/Exploit
BitDefender 7.2 2010.01.20 Trojan.Script.256073
F-Secure 9.0.15370.0 2010.01.20 Exploit:W32/Pidief.CKZ
GData 19 2010.01.20 Trojan.Script.256073
Ikarus T3.1.1.80.0 2010.01.20 Exploit.PDF-JS
Kaspersky 7.0.0.125 2010.01.20 Exploit.JS.Pdfka.bex
McAfee 5866 2010.01.19 Exploit-PDF.b.gen
McAfee+Artemis 5866 2010.01.19 Exploit-PDF.b.gen
McAfee-GW-Edition 6.8.5 2010.01.20 Script.Malicious.PDF.Gen
Additional information
File size: 435947 bytes
MD5...: 238ecf8c0aee8bfd216cf3cad5d82448


Wepawet has the same file (identical MD5 hash) under a different name, from a submission we made earlier; there is already a post for that one. Note that its JSand engine rated the sample benign:
http://wepawet.iseclab.org/view.php?hash=238ecf8c0aee8bfd216cf3cad5d82448&type=js
Sample Overview
File Obama's First Year in Foreign Policy.pdf
MD5 238ecf8c0aee8bfd216cf3cad5d82448
Analysis Started 2010-01-19 20:07:01
Report Generated 2010-01-19 20:12:10
Jsand 1.03.02 benign
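With VirusTotal at 8/41 and 12/41 and Wepawet's JSand calling the same MD5 benign, a first-pass static triage of the attachment is worth having independently of either service. The Python below is an added example, not code from the original post or from any of the tools named above: it walks the PDF's objects, inflates FlateDecode streams, and flags the strings that matter for a CVE-2009-4324 sample (Adobe Reader's Doc.media.newPlayer vulnerability), namely /OpenAction, /JavaScript and a media.newPlayer call. The PDF it scans is a toy constructed inside the script, not the 238ecf8c0aee8bfd216cf3cad5d82448 sample, and all names are mine.

```python
import re
import zlib

# Indicator strings and what each one means for triage. CVE-2009-4324 is the
# Adobe Reader Doc.media.newPlayer bug, so JavaScript that calls media.newPlayer
# is the decisive string; the others mark the delivery machinery around it.
JS_ACTION = "JavaScript action (/JavaScript)"
JS_REF = "JavaScript code or reference (/JS)"
OPEN_ACTION = "OpenAction (runs when the document opens)"
LAUNCH = "Launch action (runs an external program)"
EMBEDDED = "embedded file (possible dropper payload)"
NEWPLAYER = "Doc.media.newPlayer call (CVE-2009-4324)"
UNESCAPE = "unescape() string (heap-spray/shellcode pattern)"

INDICATORS = {
    b"/JavaScript": JS_ACTION,
    b"/JS": JS_REF,
    b"/OpenAction": OPEN_ACTION,
    b"/Launch": LAUNCH,
    b"/EmbeddedFile": EMBEDDED,
    b"media.newPlayer": NEWPLAYER,
    b"unescape(": UNESCAPE,
}

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def iter_objects(pdf):
    """Yield (object number, raw object body) for each 'N G obj ... endobj'."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), m.group(3)

def decoded_body(obj):
    """Inflate a /FlateDecode stream so indicators hidden by compression are visible."""
    m = STREAM_RE.search(obj)
    if not m:
        return obj
    data = m.group(1)
    if b"/FlateDecode" in obj[: m.start()]:
        try:
            # decompressobj tolerates trailing junk or a clipped checksum
            data = zlib.decompressobj().decompress(data)
        except zlib.error:
            pass  # not really deflate: fall back to the raw bytes
    return obj[: m.start(1)] + data + obj[m.end(1):]

def triage(pdf):
    """Map each indicator to the object numbers that contain it."""
    findings = {}
    for num, raw in iter_objects(pdf):
        body = decoded_body(raw)
        for needle, label in INDICATORS.items():
            if needle in body:
                findings.setdefault(label, []).append(num)
    has_js = JS_ACTION in findings or JS_REF in findings
    return {"findings": findings,
            "has_javascript": has_js,
            "newplayer": has_js and NEWPLAYER in findings}

def build_sample_pdf():
    """Constructed toy PDF, not the file from the post: an /OpenAction pointing at
    a deflate-compressed JavaScript stream that calls this.media.newPlayer."""
    js = b"var sc = unescape('%u9090%u9090'); this.media.newPlayer(null);"
    stream = zlib.compress(js)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Type /Action /S /JavaScript /JS 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream) + stream + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

def build_benign_pdf():
    """Constructed control document with no actions or scripts."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for name, doc in (("sample", build_sample_pdf()), ("benign", build_benign_pdf())):
        print(name, triage(doc))
```

This is triage, not a verdict. The parser is deliberately naive: it regexes the raw bytes, ignores the xref table, does not unpack /ObjStm object streams, handles only FlateDecode, and matches literal strings, so hex-escaped names such as /J#61vaScript or a call assembled as "new" + "Player" slip past it. Treat a hit as a reason to detonate the file, and a miss as no information, which is the same caution the detection ratios above call for.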