- CVE-2010-0188 Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors
- Adobe Reader and The Unspecified Vulnerability from Secunia.com
Expect the code in this file to be different from the code in invitation.pdf described in the Mar 9 post, CVE-2010-0188 PDF+ exploit demo. Formal invitation letter ...
Download 1a8a44c122449cf586419cfc5d6f36093e175037 2010 March Luncheon Invitation_FINAL.pdf as a password protected archive (please contact me if you need the password)
Details 2010_March_Luncheon_Invitation_FINAL.pdf 3639f34ad463932ab8ebad3e57421a97
From: Isidore Klinkenborg [mailto:ikhtnamzels@yahoo.com]
Sent: Wednesday, March 10, 2010 5:34 AM
To: MKoehler-Vice President Office Marc
Subject: 2010 March Luncheon Invitation_FINAL
attached is the copy of the formal invitation letter and response card.
Meanwhile We have send you the formal invitation letter by post
according to your correspondence address. Please check your mailbox in the
next few days.
Sincerely yours
Isidore
VirusTotal scans: detections went from 0 to 8 over the course of 7 days
March 10
Result: 0/42 (0.00%)
http://www.virustotal.com/analisis/3f327ecde65a536e9f197929ecb397dda92087cef2f563573104488ea5b7a923-1268219156
March 11
http://www.virustotal.com/analisis/3f327ecde65a536e9f197929ecb397dda92087cef2f563573104488ea5b7a923-1268311817
File 2010_March_Luncheon_Invitation_FI received on 2010.03.11 12:50:17 (UTC)
Result: 1/42 (2.38%)
Symantec 20091.2.0.41 2010.03.11 Trojan.Pidief.I
File size: 162579 bytes
MD5 : 3639f34ad463932ab8ebad3e57421a97
SHA1 : 1a8a44c122449cf586419cfc5d6f36093e175037
Update: March 17
http://www.virustotal.com/analisis/3f327ecde65a536e9f197929ecb397dda92087cef2f563573104488ea5b7a923-1268854486
File 2010_March_Luncheon_Invitation_FI received on 2010.03.17 08:04:19 (UTC)
Result: 8/42 (19.05%)
AhnLab-V3 5.0.0.2 2010.03.16 PDF/Exploit
AntiVir 8.2.1.180 2010.03.16 EXP/Pidief.dbj
eTrust-Vet 35.2.7368 2010.03.17 PDF/Pidief.PU
Kaspersky 7.0.0.125 2010.03.17 Exploit.Win32.Pidief.dbi
McAfee-GW-Edition 6.8.5 2010.03.16 Exploit.Pidief.dbj
Microsoft 1.5605 2010.03.17 Exploit:Win32/Pdfjsc.gen!B
Sophos 4.51.0 2010.03.17 Troj/PDFJs-II
Symantec 20091.2.0.41 2010.03.17 Trojan.Pidief.I
File size: 162579 bytes
MD5 : 3639f34ad463932ab8ebad3e57421a97
Relevant Header info
Received: from [222.122.12.31] by web114207.mail.gq1.yahoo.com via HTTP; Wed, 10 Mar 2010 02:34:05 PST
X-Mailer: YahooMailRC/300.3 YahooMailWebService/0.8.100.260964
Robtex.com
Summary
Hostname: 222.122.12.31
ISP: Korea Telecom
Organization: Korea Telecom
Country: Korea, Republic of
State/Region: Soul-t'ukpyolsi
City: Seoul
Neeraj from the Hypersecurity blog published an analysis of this sample:
CVE-2010-0188 Adobe Reader TIFF vulnerability