[nsp-sec] Adobe Reader 0day
Matthew.Swaar at us-cert.gov
Matthew.Swaar at us-cert.gov
Fri Feb 20 04:12:52 EST 2009
Domains/Ips that US-CERT believes may have been associated with specific
attacks:
(These were back-channels / drops, not the IP the e-mails attacks
originated from)
jmyp.8800.org (123.120.99.37) on port 80 and 21
shareitok.51.net (219.232.224.95)
hXXp://cpos.8800.org/logo.php (211.115.80.147)
msus.6600.org
js001.3322.org (222.35.136.119)
V/R,
Matt Swaar
US-CERT Analyst
-----Original Message-----
From: Swaar, Matthew
Sent: Friday, February 20, 2009 3:40 AM
To: nsp-security at puck.nether.net
Subject: Adobe Reader 0day
For those that haven't seen this yet:
http://www.theregister.co.uk/2009/02/20/adobe_reader_exploit/
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
http://www.adobe.com/support/security/advisories/apsa09-01.html
I can confirm that there is active (targeted) exploitation taking place.
V/R,
Matt Swaar
US-CERT Analyst
More information about the nsp-security
mailing list