Final Technical Report
December 2009
CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)
INFORMATION SUBJECT TO EXPORT CONTROL LAWS
WARNING - This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal penalties. Disseminate IAW DoDD 5230.25.
DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program, Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of contents or reconstruction of the document.
Export of the attached information (which includes, in some circumstances, release to foreign nationals within the United States) without first obtaining approval or license from the Department of State for items controlled by the International Traffic in Arms Regulation (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulation (EAR), may constitute a violation of law.
Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
or
http://rapidshare.com/files/318309046/CYBERCAFE.zip.html
http://www.sendspace.com/file/fmbt01
Just saw a posting about it on funsec - someone from Virginia Tech police got it
CYBER-PMESII COMMANDER’S ANALYSIS (fwd)
From: Valdis.Kletnieks () vt edu
Date: Wed, 09 Dec 2009 13:29:39 -0500
Somehow, I doubt the payload here is in fact from NSA, nor covered by any
DOD restrictions. Have at it, forensics junkies. ;)
And thank you Fedora Rawhide for breaking GnuPG on me. ;)
These folks actually got to the bottom of this
http://cryptome.org/cybercafe-virus/cybercafe-virus.htm
http://seclists.org/funsec/2009/q4/960
The links were taken down earlier today - did not comply with terms of service
or capacity exceeded - first come, first served
Message header 1
Microsoft Mail Internet Headers Version 2.0
Received: from XXXXXXXX(XXXXXXXX]) by xxx.xxx.xxx with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 9 Dec 2009 08:18:53 -0500
Received: from mail28.messagelabs.com ([216.82.249.131]) by XXX.XXX.XXX; Wed, 09 Dec 2009 08:18:52 -0500
X-VirusChecked: Checked
X-Env-Sender: root@pl2.rackco.com
X-Msg-Ref: server-6.tower-28.messagelabs.com!1260364730!41971890!1
X-StarScan-Version: 6.2.4; banners=-,-,XXXXXXXX
X-Originating-IP: [207.226.165.250]
X-SpamReason: No, hits=1.0 required=7.0 tests=SUBJ_ALL_CAPS
Received: (qmail 373 invoked from network); 9 Dec 2009 13:18:51 -0000
Received: from mail.amateursplayroom.com (HELO pl2.rackco.com) (207.226.165.250)
by server-6.tower-28.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 9 Dec 2009 13:18:51 -0000
Received: (qmail 2571 invoked by uid 48); 9 Dec 2009 07:49:06 -0500
Date: 9 Dec 2009 07:49:06 -0500
Message-ID: <20091209124906.2567.qmail@pl2.rackco.com>
To: XXX@XXX.XXX
Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS
From: ecu@nsa.gov
Return-Path: root@pl2.rackco.com
X-OriginalArrivalTime: 09 Dec 2009 13:18:53.0702 (UTC) FILETIME=[27A43A60:01CA78D2]
Header 2
Microsoft Mail Internet Headers Version 2.0
Received: from XXXXXXXX ([XXXXXXXX]) by XXXXXXXX with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 9 Dec 2009 09:25:53 -0500
Received: from mail200.messagelabs.com ([216.82.254.195]) by XXXXXXXX with InterScan Message Security Suite; Wed, 09 Dec 2009 09:25:53 -0500
X-VirusChecked: Checked
X-Env-Sender: apache@newsocketworks.virtual.vps-host.net
X-Msg-Ref: server-11.tower-200.messagelabs.com!1260368751!48706339!1
X-StarScan-Version: 6.2.4; banners=-,-,XXXXXXXX
X-Originating-IP: [216.154.216.196]
X-SpamReason: No, hits=1.0 required=7.0 tests=SUBJ_ALL_CAPS
Received: (qmail 1879 invoked from network); 9 Dec 2009 14:25:52 -0000
Received: from slfc.virtual.vps-host.net (HELO newsocketworks.virtual.vps-host.net) (216.154.216.196)
by server-11.tower-200.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 9 Dec 2009 14:25:52 -0000
Received-SPF: pass (newsocketworks.virtual.vps-host.net: domain of apache@newsocketworks.virtual.vps-host.net designates 127.0.0.1 as permitted sender) receiver=newsocketworks.virtual.vps-host.net; client-ip=127.0.0.1; helo=newsocketworks.virtual.vps-host.net; envelope-from=apache@newsocketworks.virtual.vps-host.net; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
Received: from newsocketworks.virtual.vps-host.net (localhost.localdomain [127.0.0.1])
by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8) with ESMTP id nB9EPp8O009730
for <XXXXXXXX>; Wed, 9 Dec 2009 09:25:51 -0500
Received: (from apache@localhost)
by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8/Submit) id nB9EPfcR009726;
Wed, 9 Dec 2009 09:25:41 -0500
Date: Wed, 9 Dec 2009 09:25:41 -0500
Message-Id: <200912091425.nB9EPfcR009726@newsocketworks.virtual.vps-host.net>
To: XXXXXXXX
Subject: RE: CYBERCAFE
From: jh.colving@js.pentagon.mil
Return-Path: apache@newsocketworks.virtual.vps-host.net
X-OriginalArrivalTime: 09 Dec 2009 14:25:53.0978 (UTC) FILETIME=[83E9A9A0:01CA78DB]
AFRL-RI-RS-TR-2009-136
Final Technical Report
December 2009
CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)
INFORMATION SUBJECT TO EXPORT CONTROL LAWS
WARNING - This document contains technical data whose export is restricted by the Arms Export Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal penalties. Disseminate IAW DoDD 5230.25.
DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program, Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of contents or reconstruction of the document.
Export of the attached information (which includes, in some circumstances, release to foreign nationals within the United States) without first obtaining approval or license from the Department of State for items controlled by the International Traffic in Arms Regulation (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulation (EAR), may constitute a violation of law.
Download:
http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
or
http://rapidshare.com/files/318309046/CYBERCAFE.zip.html
http://www.sendspace.com/file/fmbt01
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
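Both header sets above show the same pattern: a government From address, while the envelope sender, Message-ID and first hop all belong to a web-hosting machine. The following is an added example, not part of the original post, that runs that comparison over header lines copied from the page; the function names and finding labels are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subsets of the two header dumps above (redacted hops omitted, Received-SPF trimmed).
HEADER_1 = """\
X-Env-Sender: root@pl2.rackco.com
Received: (qmail 2571 invoked by uid 48); 9 Dec 2009 07:49:06 -0500
Message-ID: <20091209124906.2567.qmail@pl2.rackco.com>
From: ecu@nsa.gov
Return-Path: root@pl2.rackco.com
"""
HEADER_2 = """\
X-Env-Sender: apache@newsocketworks.virtual.vps-host.net
Received-SPF: pass (newsocketworks.virtual.vps-host.net: domain of
 apache@newsocketworks.virtual.vps-host.net designates 127.0.0.1 as
 permitted sender) receiver=newsocketworks.virtual.vps-host.net;
 client-ip=127.0.0.1;
Received: (from apache@localhost)
 by newsocketworks.virtual.vps-host.net (8.13.8/8.13.8/Submit) id nB9EPfcR009726;
 Wed, 9 Dec 2009 09:25:41 -0500
Message-Id: <200912091425.nB9EPfcR009726@newsocketworks.virtual.vps-host.net>
From: jh.colving@js.pentagon.mil
Return-Path: apache@newsocketworks.virtual.vps-host.net
"""

def domain(value):
    """Domain part of an address-like header value, lowercased ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def related(a, b):
    """True when one domain equals, or is a subdomain of, the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(raw):
    """Return labelled findings where the visible From disagrees with the envelope."""
    msg = message_from_string(raw)
    frm, findings = domain(msg["From"]), []
    for hdr in ("Return-Path", "X-Env-Sender", "Message-ID"):
        other = domain(msg[hdr])
        if other and not related(frm, other):
            findings.append(f"{hdr}-mismatch: {other} vs From {frm}")
    for hop in msg.get_all("Received", []):  # mail handed over by a local process
        if re.search(r"invoked by uid \d+|\(from \S+@localhost\)", hop):
            findings.append("local-injection: " + " ".join(hop.split()))
    spf = msg.get("Received-SPF", "")
    ip = re.search(r"client-ip=([\d.]+)", spf)
    if spf.strip().startswith("pass") and ip and ip.group(1).startswith("127."):
        findings.append(f"spf-loopback: pass was for {ip.group(1)}, not for {frm}")
    return findings
```

The `spf-loopback` finding matters because the pass in Header 2 was computed by the sending host for its own loopback address and envelope domain, so it says nothing about `js.pentagon.mil`.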