Friday, April 30, 2010

Apr 26 CVE-2009-4324 w low detection and CVE-2010-0188 Symposium from

a bit of progress

File ATT42909.pdf received on 2010.04.30 11:09:44 (UTC)
Result: 9/41 (21.96%)
Avast    4.8.1351.0    2010.04.30    JS:Pdfka-AEE
Avast5    5.0.332.0    2010.04.30    JS:Pdfka-AEE
F-Secure    9.0.15370.0    2010.04.30    Exploit:W32/Pidief.COJ
GData    21    2010.04.30    JS:Pdfka-AEE
Kaspersky    2010.04.30    Exploit.JS.Pdfka.ceg
McAfee    5.400.0.1158    2010.04.30    Exploit-PDF.q.gen!stream
Sophos    4.53.0    2010.04.30    Troj/PDFJs-GQ
Symantec    20091.2.0.41    2010.04.30    Trojan.Pidief.H
TrendMicro-HouseCall    2010.04.30    JS_UTOTI.LS
Additional information
File size: 129722 bytes
MD5...: 536c0afe4d655a66dccad4af9679caa9

File ATT85645.pdf received on 2010.04.30 11:16:13 (UTC)
Result: 6/40 (15.00%)
Avast 4.8.1351.0 2010.04.30 PDF:CVE-2010-0188
Avast5 5.0.332.0 2010.04.30 PDF:CVE-2010-0188
ClamAV 2010.04.30 Exploit.PDF-22737
eTrust-Vet 35.2.7460 2010.04.30 PDF/CVE-2010-0188!exploit
GData 21 2010.04.30 PDF:CVE-2010-0188 
Sophos 4.53.0 2010.04.30 Troj/PDFJs-II
Additional information
File size: 115796 bytes
MD5   : 58de08c1155a775b760049dff3f5abe4

From: smile []
Sent: Monday, April 26, 2010 9:55 PM
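Subject: [Symposium] Kainan University Department of Public Affairs Management, Fifth International Academic Symposium on "Globalization and Administrative Governance"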
Importance: High

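Your participation will make this symposium shine. We look forward to your attendance at this academic event and would be most grateful for your support.

 Xu Qing Fu (許慶復)    respectfully invites you
TEL: 03-3412500 (ext. 3802)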

Approximate translation (machine)
From: smile [mailto:]
Sent: Monday, April 26, 2010 9:55 PM
To: XXXXXXXXXXX
Subject: [seminar] Public Affairs Management, Kainan University, the fifth "Globalization and Administrative Governance" International Symposium
Importance: High

Members of academic art, Hello, everybody:

Kainan University, Public Affairs and Management would like to set 2010 May 7 (Friday), leave open the International Conference Centre, Southern University, Yan Wenlong, held its fifth "Globalization and Administrative Governance" International Conference. The seminar registration time from now until 99 May 2 only, the attached agenda and registration form, please check!

Your participation in this seminar will shine, I look forward to participate in this academic Road event, join in. Thank you very much.

Shun Chung
Road Safety
After school
Xu Qing Fu, Michelle
Kainan University Professor and Director of Public Affairs Management
Contact: Public Affairs Management, Kainan University, Assistant Xu Shuhan
E-Mail:; :03-3412500 (ext 3802)

File ATT42909.pdf received on 2010.04.28 15:01:45 (UTC)
Result: 2/39 (5.13%)
McAfee     5.400.0.1158     2010.04.28     Exploit-PDF.q.gen!stream
Sophos     4.53.0     2010.04.28     Troj/PDFJs-GQ
Additional information
File size: 129722 bytes
MD5   : 536c0afe4d655a66dccad4af9679caa9

ATT42909.pdf = CVE-2009-4324

File ATT85645.pdf received on 2010.04.29 04:46:50 (UTC)
Result: 6/41 (14.64%)
Avast    4.8.1351.0    2010.04.28    PDF:CVE-2010-0188
Avast5    5.0.332.0    2010.04.28    PDF:CVE-2010-0188
ClamAV    2010.04.29    Exploit.PDF-22737
eTrust-Vet    35.2.7456    2010.04.28    PDF/CVE-2010-0188!exploit
GData    21    2010.04.29    PDF:CVE-2010-0188
Sophos    4.53.0    2010.04.29    Troj/PDFJs-II
File size: 115796 bytes
MD5...: 58de08c1155a775b760049dff3f5abe4

ATT85645.pdf = CVE-2010-0188

Received: from (HELO (
  by with SMTP; 27 Apr 2010 02:23:10 -0000
Received: from vac (unknown [])
    by (Postfix) with ESMTP id 64ED7D6C431
    for XXXXXXXX ; Tue, 27 Apr 2010 10:22:32 +0800 (CST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@vac212af2ce2>
From: "smile"

ISP: Laboratoire d'Automatique et d'Analyse des Systeme 
Organization: Laboratoire d'Automatique et d'Analyse des Systeme
Country: France  
State/Region: Midi-Pyrenees
City: Toulouse

It appears that  used ( a relay server
inetnum: -
netname: GSN
descr: GSN, Taiwan Government Service Network.
descr: Data-Bldg.14F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100
country: TW
Incoming mail for is handled by two mailservers at They are on different IP networks. has one IP number , which also has a corresponding reverse pointer. and use this as a mailserver. and share mailservers with this domain. is delegated to one nameserver, however one extra nameserver is listed in the zone. The NS stated in SOA record is not in the list of nameservers. Incoming mail for is handled by twelve mailservers also at Some of them are on the same IP network.
You might also be interested in,, and is hosted on a server in Taiwan.
It is not listed in any blacklists.
