Wednesday, February 3, 2010

Feb. 3 CVE-2009-4324 Maritime Disputes in East Asia from 03 Feb 2010 05:19:02 PST

Download 1f2cc9238129512c6f118ffdfec79189 - East China Sea 2010-1.pdf as a password-protected archive (please contact me if you need the password)

Details: 1f2cc9238129512c6f118ffdfec79189 -  East China Sea 2010-1.pdf

From: Natalie S. Wozniak []
Sent: Wednesday, February 03, 2010 8:56 AM
Subject: Maritime Disputes in East Asia


I was able to secure permission to forward you the attached CRS report on Maritime Disputes in East Asia; just came out today. They intentionally kept it short report, in hopes that it would increase its readership. 

Please share with your colleagues. Also, please share their comments, observations and questions.



Message-ID: <>
Received: from [] by via HTTP; Wed, 03 Feb 2010 05:19:02 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/
Date: Wed, 3 Feb 2010 05:19:02 -0800 (PST)
From: "Natalie S. Wozniak"
Subject: Maritime Disputes in East Asia
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-410636181-1265203142=:45817"

Lookup IP Address:
General Information
ISP: WholeSale Internet
Organization: Max Dmitry
Country: United States  
State/Region: MO
City: Kansas City

 File East_China_Sea_2010-1.pdf received on 2010.02.08 06:49:37 (UTC)
Result: 9/40 (22.5%)
Avast    4.8.1351.0    2010.02.08    JS:Pdfka-WP
GData    19    2010.02.08    JS:Pdfka-WP
Microsoft    1.5406    2010.02.07    Exploit:Win32/Pdfjsc.CW
NOD32    4846    2010.02.08    JS/Exploit.Pdfka.NPK
nProtect    2009.1.8.0    2010.02.08    Exploit.PDF-JS.Gen.C02
PCTools    2010.02.08    Trojan.Pidief
Sophos    4.50.0    2010.02.08    Troj/PDFJs-B
Sunbelt    3.2.1858.2    2010.02.07    Exploit.PDF-JS.Gen (v)
TrendMicro    2010.02.08    TROJ_PDFEX.E
File size: 60110 bytes
MD5...: 1f2cc9238129512c6f118ffdfec79189
SHA1..: 31d658a871d3974c55ec310742ad7a07310bd0ba

Analysis report for East China Sea 2010-1.pdf
File    East China Sea 2010-1.pdf
MD5    1f2cc9238129512c6f118ffdfec79189
Analysis Started    2010-02-07 22:52:43
Report Generated    2010-02-07 22:52:47
Jsand 1.03.02    benign
PDF Exploit call to media.newPlayer CVE-2009-4324

Malware traffic to     
      ISP:    Korea Telecom
      Organization:    Korea Telecom
      Country:    Korea, Republic of
      State/Region:    11
      City:    Seoul

Quite a few domains on that ip (from

 File shellcode.exe_ received on 2010.02.08 07:00:13 (UTC)
Result: 10/40 (25.00%)
AVG     2010.02.07     Agent_r.OV
CAT-QuickHeal     10.00     2010.02.08     Trojan.Agent.ATV
Jiangmin     13.0.900     2010.02.08     Trojan/Agent.ckpb
Kaspersky     2010.02.08     Trojan-Downloader.Win32.Small.aolo
McAfee     5885     2010.02.07     Generic Downloader.fa
McAfee+Artemis     5885     2010.02.07     Generic Downloader.fa
McAfee-GW-Edition     6.8.5     2010.02.07     Heuristic.BehavesLike.Win32.Downloader.T
Microsoft     1.5406     2010.02.07     TrojanDownloader:Win32/Sileco.A
TheHacker     2010.02.08     Trojan/Downloader.Small.aolo
TrendMicro     2010.02.08     PAK_Generic.001

I am posting the picture as the script causes antivirus panic. Apologies if this happened to you.
