Pages

Monday, December 21, 2009

Dec. 21 Adobe 0 Day CVE-2009-4324 PDF Attack of the Day SEF preparatory discussions list 陸委會轉寄 海基會、海協會協商代表團預備性磋商名單 from macnews@mac.gov.tw Mon, 21 Dec 2009 20:37:15 +0800


Download infected pdf 海基會協商代表團預備性磋商名單.pdf as SEFdiscussionsm.zip. Password protected, please use the same as on other CVE-2009-4324 files or contact me for the password

Yawn.  Here is one more. 



From: macnews [mailto:macnews@mac.gov.tw]
Sent: Monday, December 21, 2009 7:37 AM
To: XXXXXXXXXXXX
Subject: 陸委會轉寄 海基會、海協會協商代表團預備性磋商名單

您好,附件為本次協商海基會、海協會代表團預備性磋商名單,提供給您參考,謝謝。

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4707 (20091221) __________The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Here is a terrible machine translation but it is easy to understand that the mailing is fueled by the recent news, namely, the talks between the ARATS  (Association for Relations Across the Taiwan Straits) and SEF (Straits Exchange Foundation)  in Taichung tomorrow, December 22, 2009.


From: macnews [mailto: macnews@mac.gov.tw]
Sent: Monday, December 21, 2009 7:37 AM
To: XXXXXXXXXXXX
Subject: MAC forwarding SEF and ARATS consultations, the delegation of the list of preliminary consultations
Hello, see attached third Consultative SEF and ARATS delegation of the list of preliminary consultations provided for your reference, thank you. 



 Headers
....
Received: from [202.42.147.90] (202.42.147.90)
  by mailsnd1.chol.com with ESMTP;
 Mon, 21 Dec 2009 22:16:35 +0900 (KST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@macnews212af2ce2>
From: "macnews"
To:
Subject: =?big5?B?s7CpZbd8wuCxSCCu/LDyt3yhQq78qPO3fKjzsNOlTqrtuc65d7PGqcq9UrDT?=
    =?big5?B?plez5iA=?=
Date: Mon, 21 Dec 2009 20:37:15 +0800
...
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579

Hostname: 202.42.147.90
ISP: Pacnet
Organization: APPCO Pte Ltd
Proxy: None detected
Type: Cable/DSL
State/Region: 00
City: Singapore
Latitude: 1.2931
Longitude: 103.8558

Virustotal
http://www.virustotal.com/analisis/0c148cfceccea8f0988021d266cfb0668b577bf77a9271bc47cfa7c93305ccc5-1261433971
File _________________________________ received on 2009.12.21 22:19:31 (UTC)
Result: 4/40 (10%)
nProtect 2009.1.8.0 2009.12.21 Exploit.PDF-JS.Gen.C02
PCTools 7.0.3.5 2009.12.21 HeurEngine.MaliciousExploit
Sunbelt 3.2.1858.2 2009.12.21 Exploit.PDF-JS.Gen (v)
Symantec 1.4.4.12 2009.12.21 Bloodhound.Exploit.288  = CVE-2009-4324 Information from Symantec
Additional information
File size: 127728 bytes
MD5...: 0ab2fd3b6c385049f9eb4a559dbdc8a6 

Wepawet
File 海基會å�”商代表團é �備性磋商å��å–®.pdf
MD5 0ab2fd3b6c385049f9eb4a559dbdc8a6
Analysis Started 2009-12-21 15:35:47
Report Generated 2009-12-21 15:35:55
Jsand version 1.03.02

Detection results
Detector Result
Jsand 1.03.02 malicious
Exploits
Name Description Reference
doc.media.newPlayer Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 CVE-2009-4324

No comments:

Post a Comment