Jump to content

Malwarebytes

pdf exploit

Started by Jaxryley, Feb 23 2009 03:32 AM

6 replies to this topic

#1
Jaxryley
Posted 23 February 2009 - 03:32 AM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
reddii.ru/traffic/sploit1/getfile.php?f=pdf

Quote

File getfile.php.pdf received on 02.23.2009 04:29:37 (CET)
Current status: finished
Result: 13/39 (33.33%)
Virus Total
File size: 3854 bytes

#2
salmon
Posted 23 February 2009 - 07:00 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 179 posts
  • Gender:Male
  • Interests:Mainly salmon
Are these aswell?
hxxp://www.lindanew.kit.net/msmsgs.pdf
hxxp://www.lindanew.kit.net/msgsc.pdf
Trojan.Salmon moving to fish tank on reboot.

#3
Jaxryley
Posted 23 February 2009 - 10:35 PM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.

Quote

File msmsgs.pdf received on 02.23.2009 23:31:52 (CET)
Current status: finished
Result: 1/39 (2.56%)
Virus Total

---------------------------------------------------------------------------

Quote

File msgsc.pdf received on 02.23.2009 23:31:41 (CET)
Current status: finished
Result: 1/39 (2.56%)
Virus Total

#4
salmon
Posted 23 February 2009 - 11:04 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 179 posts
  • Gender:Male
  • Interests:Mainly salmon
A pdf file part of service pack 3?

File ID Filename Size (Byte) Result
4325673 msgsc.pdf 81 KB KNOWN CLEAN

Please find a detailed report concerning each individual sample below:
Filename Result
msgsc.pdf KNOWN CLEAN

The file 'msgsc.pdf' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows XP (SP3)'.
seems to be a few of these kit.net sites found them on threatexpert cant get on the sites cant get them to load.
* hxxp://www.pirulito2000.kit.net/mascote.pdf
* hxxp://www.pirulito2000.kit.net/laranja.pdf
* hxxp://www.pirulito2000.kit.net/responsabilidade.pdf
* hxxp://www.elementobaum.kit.net/libeay32.dll
* hxxp://www.elementobaum1.kit.net/ssleay32.dll
* hxxp://www.elementobaum1.kit.net/zlib1.dll
* hxxp://www.elementobaum1.kit.net/novidade.pdf
Trojan.Salmon moving to fish tank on reboot.

#5
Baz.
Posted 24 February 2009 - 12:03 AM

    Advanced Member

  • Experts
  • PipPipPip
  • 217 posts
  • Gender:Male
  • Location:London
They put up dummy files to confuse sometimes <_<


Keep watching and they will switch em at some point.
Kind Regards,

Baz.

#6
Jaxryley
Posted 26 February 2009 - 02:17 AM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
newprogress.tv/fo/spl/pdf.pdf

Quote

File pdf.pdf received on 02.26.2009 03:13:39 (CET)
Current status: finished
Result: 12/39 (30.77%)
Virus Total
File size: 3505 bytes

#7
Jaxryley
Posted 26 February 2009 - 11:06 PM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 6,718 posts
  • Gender:Male
  • Location:West Aussie
  • Interests:Gardening and computers.
hxxp://ultradant.cn/dis9/index.php
hxxp://divinets.cn/z/5.htm
hxxp://rapidshare.com/files/202986001/PDF_Exploit.zip.html

Quote

File doc.pdf received on 02.27.2009 00:00:28 (CET)
Current status: finished
Result: 8/38 (21.05%)
Virus Total
File size: 17896 bytes
Back to Newest Rogue Threats · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Research Center
  3. Newest Rogue Threats

Products

About

Partners

Follow Us