Showing posts with label Vir-Exploit-PDF.q.gen stream. Show all posts

Thursday, January 7, 2010

Jan 7 CVE-2009-4324 Special Edition from okazaki1930@yahoo.co.jp Thu, 7 Jan 2010 16:21:46 +0900 (JST)

This post to be continued....


Download  日本の二大政党制.pdf as 55c503e5f160d58f830bb16d5fc1e09c-Special Edition.zip (password protected archive. Please contact me for the password)



-----Original Message-----
From: 岡崎 久彦 [mailto:okazaki1930@yahoo.co.jp]
Sent: Thursday, January 07, 2010 2:10 AM
To: XXXXXXX
Subject: 特別版再送

----- Original Message -----
From: Hisahiko Okazaki [mailto: okazaki1930@yahoo.co.jp]
Sent: Thursday, January 07, 2010 2:10 AM
To: XXXXX
Subject: resend Special Edition

The message sender was
    okazaki1930@yahoo.co.jp
The message originating IP was 124.83.212.30
The message recipients were
    XXXXXXXX
The message was titled 特別版再送
The message date was Thu, 7 Jan 2010 16:21:46 +0900 (JST)
The message identifier was <20100107072147.17625.qmail@web4210.mail.ogk.yahoo.co.jp>
The virus or unauthorised code identified in the email is:
>>> Possible MalWare 'Exploit/Acroread-CVE-2009-4324' found in
>>> '7913966_1003X_PA2_APDF__pdf_obj_50_0.js'. Heuristics score: 400

Previous scan on Jan 8, 2010 by someone else. Same md5 hash but different name.
http://www.virustotal.com/analisis/c09081111288172b10a4915c3ca3c917f614f0419a93407d8a4e96dc5da78563-1262913422

Two-party system in Japan
 日本の二大政党制.pdf
http://www.virustotal.com/analisis/c09081111288172b10a4915c3ca3c917f614f0419a93407d8a4e96dc5da78563-1263274446
Result: 16/41 (39.03%)
Antivirus          Version       Last Update  Result
a-squared          4.5.0.48      2010.01.12   Exploit.JS.Pdfka!IK
Antiy-AVL          2.0.3.7       2010.01.11   Exploit/JS.Pdfka
Avast              4.8.1351.0    2010.01.11   JS:Pdfka-UQ
BitDefender        7.2           2010.01.12   Exploit.PDF-JS.Gen
ClamAV             0.94.1        2010.01.12   Exploit.PDF-7067
Comodo             3552          2010.01.12   TrojWare.JS.Exploit.Pdfka.azg
F-Secure           9.0.15370.0   2010.01.12   Exploit.PDF-JS.Gen
GData              19            2010.01.12   Exploit.PDF-JS.Gen
Ikarus             T3.1.1.80.0   2010.01.12   Exploit.JS.Pdfka
Kaspersky          7.0.0.125     2010.01.12   Exploit.JS.Pdfka.azg
McAfee             5858          2010.01.11   Exploit-PDF.q.gen!stream
McAfee+Artemis     5858          2010.01.11   Exploit-PDF.q.gen!stream
McAfee-GW-Edition                             Heuristic.BehavesLike.PDF.Shellcode.Z
PCTools            7.0.3.5       2010.01.12   HeurEngine.MaliciousExploit
Symantec           20091.2.0.41  2010.01.12   Bloodhound.Exploit.288
Additional information
File size: 1006594 bytes
MD5...: 55c503e5f160d58f830bb16d5fc1e09c


Tuesday, December 1, 2009

Dec.1 PDF Attack of the day. Russian-Proposed European Security Treaty from sullivanchris81@yahoo.com Tue, 1 Dec 2009 04:30:47


The message sender was
sullivanchris81@yahoo.com

The message originating IP was 98.136.165.26
The message recipients were
XXX@XXX.XXX

The message was titled Russian-Proposed European Security Treaty
The message date was Tue, 1 Dec 2009 04:30:47 -0800 (PST)
The message identifier was <729208.94960.qm@web112801.mail.gq1.yahoo.com>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12 build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.

Scan started at Tue Dec 1 12:30:52 2009 Database version: 2009-12-01_03

attach/5964623_3X_PM5_EMS_MA-PDF__European=20Security=20Treaty=2D1.pdf: Infected: Exploit.JS.Pdfka.ara [AVP]
attach/5964623_4X_PM6_EMS_MA-PDF__European=20Security=20Treaty=2D2.pdf: Infected: Exploit.JS.Pdfka.ara [AVP]

Scan ended at Tue Dec 1 12:30:52 2009
3 files scanned
2 files infected

Dear Colleagues,

Just in case you have not seen this, I attached the draft treaty for your infomation. The treaty was posted on the website of the Russian Government.

Hope it will be help for your work.

Regards,

Chris