Here is a fake, trojan-laden PDF about the United States European Command Intelligence Summit.
Download Agenda.pdf as c3079303562d4672d6c3810f91235d9b-Agenda.zip (Password protected, please contact me if you need it)
Details: c3079303562d4672d6c3810f91235d9b - Agenda.pdf
From: Malkhaz Jamureli [mailto:mjamureli@yahoo.com]
Sent: 2010-01-15 3:47 AM
Subject: Fw: USEUCOM Intelligence Summit
ALCON,
The USEUCOM Intelligence Summit, taking place February 15-17, 2010 in Heidelberg, Germany
The theme for the summit is: “Building Partnerships-Linking Nations” and it will bring together working staff-level US and European mission partner capability planners, program managers, intelligence producers, end-users, and subject matter experts from government, military, law enforcement, academia, private sector, and leading edge technology organizations to discuss and determine ways to improve Intelligence-Sharing and Collaboration capabilities that address common challenges in the Regional and International Security Environment.
Conference Objectives
-- Discuss common US-European security challenges where increased intelligence-sharing and collaboration are needed
-- Highlight US and European Partner intelligence-sharing and collaboration capabilities, programs, and technologies
-- Demonstrate enabling concepts, technologies, business processes, and best practices available from US and European mission partners, academia, private sector, and industry.
-- Identify initiatives, establish relationships, and create opportunities to improve development and delivery of intelligence-sharing and collaboration architectures and systems capabilities in the near to mid-term.
MAJ Malkhaz Jamureli
Defense, Military, Naval and Air Attache
Embassy of Georgia
2209 Massachusetts Ave., NW
Washington, DC 20008
Comm: 202-387-2580
FAX: 202-387-2581
Received: from [83.98.144.90] by web33101.mail.mud.yahoo.com via HTTP; Fri, 15 Jan 2010 00:47:09 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Fri, 15 Jan 2010 00:47:09 -0800 (PST)
From: Malkhaz Jamureli
Subject: Fw:USEUCOM Intelligence Summit
To: undisclosed recipients: ;
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1030923004-1263545229=:52502"
ISP: Reasonnet IP Networks B.V.
Organization: Novinet colocated servers
Proxy: Confirmed proxy server.
Country: Netherlands
State/Region: 07
City: Amsterdam
Latitude: 52.35
Longitude: 4.9167
Download Agendauncompressed.txt (uncompressed with pdf-parser.py)
try{this.media.newPlayer(null);}catch(e){}
util.printd(str0,new Date());}
------------------
VirusTotal
File Agenda.pdf received on 2010.01.15 16:14:51 (UTC)
http://www.virustotal.com/analisis/57f59064b25f6f4fc3d564fdf84bd19cf4dacb09987cd9c16cf39768d8d3581e-1263572091
Result: 4/41 (9.76%)
a-squared 4.5.0.50 2010.01.15 Exploit.JS.Pdfka!IK
Ikarus T3.1.1.80.0 2010.01.15 Exploit.JS.Pdfka
McAfee-GW-Edition 6.8.5 2010.01.15 Heuristic.BehavesLike.PDF.Shellcode.Z
Sophos 4.49.0 2010.01.15 Troj/PDFJs-GQ
Additional information
File size: 123812 bytes
MD5...: c3079303562d4672d6c3810f91235d9b
Wepawet
http://wepawet.iseclab.org/view.php?hash=c3079303562d4672d6c3810f91235d9b&type=js
File Agenda.pdf
MD5 c3079303562d4672d6c3810f91235d9b
Analysis Started 2010-01-15 08:35:26
Report Generated 2010-01-15 08:35:27
Jsand 1.03.02 benign
Update January 17, 2010
Report kindly offered by ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=c3079303562d4672d6c3810f91235d9b
Exploit: pdfexploit - PDF Obfuscated Exploit call to media.newPlayer CVE-2009-4324 found @349.