Friday, April 30, 2010

Apr 26 CVE-2009-4324 with low detection and CVE-2010-0188 Symposium from smiles@mail.knu.edu.tw



UPDATE APRIL 30 
a bit of progress

File ATT42909.pdf received on 2010.04.30 11:09:44 (UTC)
Result: 9/41 (21.96%)
Avast    4.8.1351.0    2010.04.30    JS:Pdfka-AEE
Avast5    5.0.332.0    2010.04.30    JS:Pdfka-AEE
F-Secure    9.0.15370.0    2010.04.30    Exploit:W32/Pidief.COJ
GData    21    2010.04.30    JS:Pdfka-AEE
Kaspersky    7.0.0.125    2010.04.30    Exploit.JS.Pdfka.ceg
McAfee    5.400.0.1158    2010.04.30    Exploit-PDF.q.gen!stream
Sophos    4.53.0    2010.04.30    Troj/PDFJs-GQ
Symantec    20091.2.0.41    2010.04.30    Trojan.Pidief.H
TrendMicro-HouseCall    9.120.0.1004    2010.04.30    JS_UTOTI.LS
Additional information
File size: 129722 bytes
MD5...: 536c0afe4d655a66dccad4af9679caa9

File ATT85645.pdf received on 2010.04.30 11:16:13 (UTC)
Result: 6/40 (15.00%)
Avast 4.8.1351.0 2010.04.30 PDF:CVE-2010-0188
Avast5 5.0.332.0 2010.04.30 PDF:CVE-2010-0188
ClamAV 0.96.0.3-git 2010.04.30 Exploit.PDF-22737
eTrust-Vet 35.2.7460 2010.04.30 PDF/CVE-2010-0188!exploit
GData 21 2010.04.30 PDF:CVE-2010-0188 
Sophos 4.53.0 2010.04.30 Troj/PDFJs-II
Additional information
File size: 115796 bytes
MD5   : 58de08c1155a775b760049dff3f5abe4



From: smile [mailto:smiles@mail.knu.edu.tw]
Sent: Monday, April 26, 2010 9:55 PM
To: XXXXXXXXXXX
Subject: [研討會]開南大學公共事務管理學系第五屆「全球化與行政治理」國際學術研討會
Importance: High

各位學術先進,大家好:
開南大學公共事務管理學系謹訂於2010年5月7日(星期五),假開南大學顏文隆國際會議中心,舉辦第五屆「全球化與行政治理」國際學術研討會。本研討會報名時間自即日起至99年5月2日止,檢附議程及報名表,請查收!
您的參與將使本次研討會熠熠生輝,期待 道席參與此一學術盛會,共襄盛舉,不勝感荷。
    順頌

道安
                                                                                                                                           後學
 許慶復    敬邀
     開南大學公共事務管理學系教授兼主任
聯絡人:開南大學公共事務管理學系系助理許舒涵
E-Mail: smile@mail.knu.edu.tw;pm@mail.knu.edu.tw
TEL :03-3412500(分機3802)


Approximate translation (machine)
From: smile [mailto:smiles@mail.knu.edu.tw]
Sent: Monday, April 26, 2010 9:55 PM
To: XXXXXXXXXXX
Subject: [seminar] Public Affairs Management, Kainan University, the fifth "Globalization and Administrative Governance" International Symposium
Importance: High

Members of academic art, Hello, everybody:
Kainan University, Public Affairs and Management would like to set May 7, 2010 (Friday), leave open the International Conference Centre, Southern University, Yan Wenlong, held its fifth "Globalization and Administrative Governance" International Conference. The seminar registration time from now until 99 May 2 only, the attached agenda and registration form, please check!
Your participation in this seminar will shine, I look forward to participate in this academic Road event, join in. Thank you very much.

Shun Chung

Road Safety

After school
Xu Qing Fu, Michelle
Kainan University Professor and Director of Public Affairs Management
Contact: Public Affairs Management, Kainan University, Assistant Xu Shuhan
E-Mail: smile@mail.knu.edu.tw; pm@mail.knu.edu.tw
TEL: 03-3412500 (ext 3802)
==================================================
http://www.virustotal.com/analisis/2532c39a9227d272050ab3545c18bab989ed3dbf0e7826fa1ac4c06dcb696383-1272466905
File ATT42909.pdf received on 2010.04.28 15:01:45 (UTC)
Result: 2/39 (5.13%)
McAfee     5.400.0.1158     2010.04.28     Exploit-PDF.q.gen!stream
Sophos     4.53.0     2010.04.28     Troj/PDFJs-GQ
Additional information
File size: 129722 bytes
MD5   : 536c0afe4d655a66dccad4af9679caa9


ATT42909.pdf  - CVE-2009-4324



 http://www.virustotal.com/analisis/3f01888d51bd67a2501d4d3d1b5ed63cf3d0cea1413d563484f041cd0b3ff295-1272516410
 File ATT85645.pdf received on 2010.04.29 04:46:50 (UTC)
Result: 6/41 (14.64%)
Avast    4.8.1351.0    2010.04.28    PDF:CVE-2010-0188
Avast5    5.0.332.0    2010.04.28    PDF:CVE-2010-0188
ClamAV    0.96.0.3-git    2010.04.29    Exploit.PDF-22737
eTrust-Vet    35.2.7456    2010.04.28    PDF/CVE-2010-0188!exploit
GData    21    2010.04.29    PDF:CVE-2010-0188
Sophos    4.53.0    2010.04.29    Troj/PDFJs-II
File size: 115796 bytes
MD5...: 58de08c1155a775b760049dff3f5abe4

=================================================
ATT85645.pdf = CVE-2010-0188

Headers
Received: from mail.vac.gov.tw (HELO mail.vac.gov.tw) (210.241.78.245)
  by server-7.tower-37.messagelabs.com with SMTP; 27 Apr 2010 02:23:10 -0000
Received: from vac (unknown [140.93.105.3])
    by mail.vac.gov.tw (Postfix) with ESMTP id 64ED7D6C431
    for XXXXXXXX ; Tue, 27 Apr 2010 10:22:32 +0800 (CST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@vac212af2ce2>
From: "smile"


Hostname: 140.93.105.3
ISP: Laboratoire d'Automatique et d'Analyse des Systeme 
Organization: Laboratoire d'Automatique et d'Analyse des Systeme
Country: France  
State/Region: Midi-Pyrenees
City: Toulouse


It appears that 140.93.105.3 used mail.vac.gov.tw (210.241.78.245) as a relay server
210.241.78.245
inetnum: 210.241.0.0 - 210.241.127.255
netname: GSN
descr: GSN, Taiwan Government Service Network.
descr: Data-Bldg.14F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100
country: TW
Incoming mail for mail.vac.gov.tw is handled by two mailservers at gov.tw. They are on different IP networks. mail.vac.gov.tw has one IP number, which also has a corresponding reverse pointer.
vac.gov.tw and mail.vac.gov.tw use this as a mailserver. vac.gov.tw and x346-3.vac.gov.tw share mailservers with this domain.
vac.gov.tw is delegated to one nameserver, however one extra nameserver is listed in the zone. The NS sunlx.vac.gvo.tw.vac.gov.tw stated in SOA record is not in the list of nameservers. Incoming mail for vac.gov.tw is handled by twelve mailservers also at gov.tw. Some of them are on the same IP network.
You might also be interested in mail3.vac.gov.tw, mail4.vac.gov.tw, mail2.vac.gov.tw and mail5.vac.gov.tw.
mail.vac.gov.tw is hosted on a server in Taiwan.
It is not listed in any blacklists.
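
The relay-chain reading of the Received headers above can be reproduced mechanically. The following Python sketch is an added example, not part of the original post; the function names `relay_chain` and `summarize` are illustrative, and the input is the header block exactly as quoted above (recipient redacted as in the post).

```python
import re
from email import message_from_string

# Header block as quoted in the post (recipient already redacted there).
RAW_HEADERS = """\
Received: from mail.vac.gov.tw (HELO mail.vac.gov.tw) (210.241.78.245)
  by server-7.tower-37.messagelabs.com with SMTP; 27 Apr 2010 02:23:10 -0000
Received: from vac (unknown [140.93.105.3])
    by mail.vac.gov.tw (Postfix) with ESMTP id 64ED7D6C431
    for XXXXXXXX ; Tue, 27 Apr 2010 10:22:32 +0800 (CST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@vac212af2ce2>
From: "smile"

"""

# Client IP appears as (a.b.c.d) or [a.b.c.d] depending on the MTA.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
# First token after "from" and first token after "by".
FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def relay_chain(raw):
    """Return hops oldest-first as dicts: name, ip, by, rdns_unknown."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its Received line, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        m = FROM_BY.search(value)
        ip = IPV4.search(value)
        if not (m and ip):
            continue  # skip hops that cannot be parsed rather than guess
        hops.append({
            "name": m.group(1),   # name the client presented or resolved to
            "ip": ip.group(1),    # client IP recorded by the receiving MTA
            "by": m.group(2),     # MTA that wrote this Received line
            # Postfix records "unknown" when it has no verified hostname
            # for the client IP.
            "rdns_unknown": "(unknown [" in value,
        })
    return hops

def summarize(hops):
    """Origin is the client of the oldest hop; relays received and re-sent."""
    origin = hops[0]
    relays = [h["by"] for h in hops[:-1]]
    return origin["ip"], origin["name"], relays
```

Only the topmost Received line was written by the recipient's own mail provider; lines below it are supplied by upstream servers and should be treated as claims when attributing the origin.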
