Tuesday, December 15, 2009

Dec.13 Adobe 0 day CVE-2009-4324 PDF attack of the Day (#2) Interview Request from Sun, 13 Dec 2009 14:13:46

Download "Outline of interview" infected pdf. (password protected archive. Contact me for the password. If you got the first version of the adobe zero day of Fri, Dec 11, the password is the same)
Note: A few people reported problems with unzipping the files - use 7Zip if you do. Please email the name of the file or provide a link when asking for a password.

New Adobe zero day exploit message (#2). See #1 here
From: Fureer Angelica []
Sent: 2009-12-13 12:14 AM
Subject: Interview Request

This is Fureer Angelica, diplomatic broadcaster for CNN in DC.
There's growing concern about the U.S.-North Korea bilateral talks.
So, we're planning an Interview about them.
Attached is the outline of the interview.

p.s. Detailed schedules will be followed soon if you accept the offer.

Messagelabs detects it easily
The message sender was
The message originating IP was
The message recipients were
The message was titled Interview Request
The message date was Sun, 13 Dec 2009 14:13:46 +0900
The message identifier was <>
The virus or unauthorised code identified in the email is:
Possible MalWare 'JS/PDFEncoded' found in
'5963838_1001X_PA3_APDF__pdf_obj_110_0.js'. Heuristics score: 651

Virustotal results.
File outline_of_interview.pdf received on 2009.12.15 15:48:16 (UTC)
Result: 8/41 (19.52%)

Antivirus          Version  Last Update  Result
AntiVir                     2009.12.15   HTML/Malicious.PDF.Gen
eSafe                       2009.12.15   PDF.Exploit.4
Kaspersky                   2009.12.15   Exploit.JS.Pdfka.atq
McAfee-GW-Edition  6.8.5    2009.12.15   Script.Malicious.PDF.Gen
Microsoft          1.5302   2009.12.15   Exploit:Win32/Pdfjsc.CO
NOD32              4690     2009.12.15   PDF/Exploit.Gen
PCTools                     2009.12.15   Trojan.Pidief
Symantec                    2009.12.15   Trojan.Pidief.H

Additional information
File size: 400918 bytes
MD5...: 35e8eeee2b94cbe87e3d3f843ec857f6
SHA1..: e95e78d95f05fe1e3775b5dd1f7b3fa391afa690
SHA256: cd508c488bb3b0234ff480cc455761f8003ea584c4ddcc6901f2f5eea66cd25a
ssdeep: 3072:prahGV6Bj8VE9sT6BpfneiL0jbupQ1S8ZTW5RxSDeF87OiE53a0WYtjdMJo
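Added triage example (my code, not part of the original post): it checks a file's digests against the hashes listed above and flags PDF objects that carry JavaScript or auto-action names, the kind of object (here object 110) that the Messagelabs JS/PDFEncoded heuristic fired on. The embedded PDF is a constructed, harmless stand-in, not the real sample; the object regex only handles uncompressed objects.

```python
import hashlib
import re

# Digests copied from the VirusTotal section of this post (the real sample).
KNOWN_HASHES = {
    "md5": "35e8eeee2b94cbe87e3d3f843ec857f6",
    "sha1": "e95e78d95f05fe1e3775b5dd1f7b3fa391afa690",
    "sha256": "cd508c488bb3b0234ff480cc455761f8003ea584c4ddcc6901f2f5eea66cd25a",
}

# PDF name objects that mark embedded script or automatic actions.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")

# "N G obj ... endobj" -- enough for uncompressed objects; objects packed in
# /ObjStm streams would need inflating first, which this example skips.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)

# Constructed, harmless stand-in for the real PDF: a catalog whose
# /OpenAction points at object 110, which carries a JavaScript action.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 110 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"110 0 obj\n<< /S /JavaScript /JS (app.alert('constructed sample');) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

def digests(data: bytes) -> dict:
    """Compute md5/sha1/sha256 of the file contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}

def matches_known_sample(data: bytes) -> bool:
    """True if any digest equals the one published for this sample."""
    d = digests(data)
    return any(d[alg] == KNOWN_HASHES[alg] for alg in KNOWN_HASHES)

def find_script_objects(data: bytes) -> list:
    """Return (object number, suspicious names) for every object that carries one."""
    hits = []
    for num, _gen, body in OBJ_RE.findall(data):
        found = [n.decode() for n in SUSPICIOUS_NAMES if re.search(n + rb"\b", body)]
        if found:
            hits.append((int(num), found))
    return hits

if __name__ == "__main__":
    print(matches_known_sample(SAMPLE_PDF), find_script_objects(SAMPLE_PDF))
```

Point `find_script_objects` at the bytes of a suspect file and the object numbers it returns are the ones to pull and inspect; a hash match alone is only useful against this exact sample, so treat the object scan as the more general check.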
