April 02, 2009 CVE-2009-0556 PPT - 0 Day. One of the first samples. Cooperative Threat Reduction

Download infected PPT files: Cooperative Threat Reduction briefing.PPT - b622b9e294647277dc40205dcf27e086 and CTR_talk.PPT - 0e1fc785eff45ff0b140dbf61abf3eab
(password-protected archive; you need to contact me for the password)

Details: Cooperative Threat Reduction briefing.PPT - b622b9e294647277dc40205dcf27e086 and CTR_talk.PPT - 0e1fc785eff45ff0b140dbf61abf3eab 

      From: XXXXXX@gmail.com
      Sent: Thursday, April 02, 2009 3:59 AM
      To: XXXXXXXX
      Subject: Cooperative Threat Reduction
      I've attached the CTR concept paper.  Feel free to circulate it. We very much look forward to the comments of you and your colleagues.
      Best regards,
      [name and contact info removed]

      Message received on April 2, 2009

      Attachment 1
      Cooperative Threat Reduction briefing.PPT - b622b9e294647277dc40205dcf27e086
      Virustotal scan on April 2, 2009
      http://www.virustotal.com/analisis/dcf59752b35afa4034cc6e99e24ab9b8
      File Cooperative_Threat_Reduction_brie received on 2009.04.02 22:22:40 (UTC)
      Current status: finished
      Result: 2/40 (5.00%)
      Antivirus     Version     Last Update     Result
      McAfee-GW-Edition     6.7.6     2009.04.01     OLE2.LooksLike.Suspicious.gen
      Norman     6.00.06     2009.04.02     ShellCode.A
       Additional information
      File size: 838144 bytes
      MD5...: b622b9e294647277dc40205dcf27e086








      Note the content created date and the date last saved, in combination with the timeline below.



       Virustotal scan on December 21, 2009
      http://www.virustotal.com/analisis/4c4453542923b1194d62aafa11c7d27da269e653bce93db38bb2be6200ee9e6f-1262234584

      File Cooperative_Threat_Reduction_brie received on 2009.12.31 04:43:04 (UTC)
      Result: 19/40 (47.50%)
      Antivirus     Version     Last Update     Result
      a-squared     4.5.0.43     2009.12.31     Exploit.MSPPoint.Apptom!IK
      AhnLab-V3     5.0.0.2     2009.12.31     Dropper/Exploit-PPT
      AntiVir     7.9.1.122     2009.12.30     EXP/MSPPoint.Apptom.A.1
      Authentium     5.2.0.5     2009.12.31     PPT/Dropper.A
      BitDefender     7.2     2009.12.31     Exploit.PPT.Gen
      Comodo     3423     2009.12.31     UnclassifiedMalware
      DrWeb     5.0.1.12222     2009.12.31     Exploit.PowerPoint
      F-Secure     9.0.15370.0     2009.12.31     Exploit:W32/Ppdropper.BV
      GData     19     2009.12.31     Exploit.PPT.Gen
      Kaspersky     7.0.0.125     2009.12.31     Exploit.MSPPoint.Apptom.a
      McAfee     5847     2009.12.30     Exploit-PPT.k
      McAfee+Artemis     5847     2009.12.30     Exploit-PPT.k
      McAfee-GW-Edition     6.8.5     2009.12.30     Heuristic.BehavesLike.Exploit.OLE2.CodeExec.PGPG
      Microsoft     1.5302     2009.12.31     Exploit:Win32/Apptom.gen
      Norman     6.04.03     2009.12.30     ShellCode.A
      PCTools     7.0.3.5     2009.12.31     HeurEngine.MaliciousExploit
      Sophos     4.49.0     2009.12.31     Troj/ExpPPT-B
      Sunbelt     3.2.1858.2     2009.12.31     Trojan-Dropper.MSPPoint.Apptom.b (v)
      TrendMicro     9.120.0.1004     2009.12.31     TROJ_PPDROP.AB
      File size: 838144 bytes
      MD5   : b622b9e294647277dc40205dcf27e086

      Attachment 2
      CTR_talk.PPT - 0e1fc785eff45ff0b140dbf61abf3eab
      Virustotal  http://www.virustotal.com/analisis/7c07bf5f71d1cf33195dc0b21a257e0f.

      File CTR_talk.PPT received on 2009.04.03 13:00:29 (UTC)
      Result: 3/40 (7.50%)
      McAfee-GW-Edition 6.7.6 2009.04.03 OLE2.LooksLike.Suspicious.gen
      Microsoft 1.4502 2009.04.03 Exploit:Win32/Apptom.gen
      Norman 6.00.06 2009.04.02 ShellCode.A
      Additional information
      File size: 838144 bytes
      MD5...: 0e1fc785eff45ff0b140dbf61abf3eab

      Virustotal
      http://www.virustotal.com/analisis/5c77bc181277f05ac7a91f7c59c2fe9705ddc865432efcab0130575ed040c254-1262234557

       File CTR_talk.PPT received on 2009.12.31 04:42:37 (UTC)
      Result: 17/40 (42.50%)
      a-squared 4.5.0.43 2009.12.31 Exploit.MSPPoint.Apptom!IK
      AhnLab-V3 5.0.0.2 2009.12.31 Dropper/Exploit-PPT
      BitDefender 7.2 2009.12.31 Exploit.PPT.Gen
      Comodo 3423 2009.12.31 UnclassifiedMalware
      DrWeb 5.0.1.12222 2009.12.31 Exploit.PowerPoint
      F-Secure 9.0.15370.0 2009.12.31 Exploit.PPT.Gen
      GData 19 2009.12.31 Exploit.PPT.Gen
      Ikarus T3.1.1.79.0 2009.12.31 Exploit.MSPPoint.Apptom
      Kaspersky 7.0.0.125 2009.12.31 Exploit.MSPPoint.Apptom.a
      McAfee 5847 2009.12.30 Exploit-PPT.k
      McAfee+Artemis 5847 2009.12.30 Exploit-PPT.k
      McAfee-GW-Edition 6.8.5 2009.12.30 Heuristic.BehavesLike.Exploit.OLE2.CodeExec.PGPG
      Microsoft 1.5302 2009.12.31 Exploit:Win32/Apptom.gen
      Norman 6.04.03 2009.12.30 ShellCode.A
      PCTools 7.0.3.5 2009.12.31 HeurEngine.MaliciousExploit
      Sophos 4.49.0 2009.12.31 Troj/ExpPPT-B
      TrendMicro 9.120.0.1004 2009.12.31 TROJ_PPDROP.AB
      Additional information
      File size: 838144 bytes
      MD5   : 0e1fc785eff45ff0b140dbf61abf3eab

      Disclosure Timeline  http://www.zerodayinitiative.com/advisories/ZDI-09-019/

        April 7, 2008 - Vulnerability reported to vendor
        May 12, 2009 - Coordinated public release of advisory