[nsp-sec] Adobe Reader 0day
Stephen Gill
gillsr at cymru.com
Fri Feb 20 11:42:55 EST 2009
I know this is a bit ironic, but here are a few mapped out relationships in
PDF form. It's free of 0days I promise.
https://www.cymru.com/nsp-sec/Owned/pdf0day.pdf
-- steve
On 2/20/09 2:12 AM, "Matthew.Swaar at us-cert.gov" <Matthew.Swaar at us-cert.gov>
wrote:
> ----------- nsp-security Confidential --------
>
> Domains/Ips that US-CERT believes may have been associated with specific
> attacks:
>
> (These were back-channels / drops, not the IP the e-mails attacks
> originated from)
>
> jmyp.8800.org (123.120.99.37) on port 80 and 21
> shareitok.51.net (219.232.224.95)
> hXXp://cpos.8800.org/logo.php (211.115.80.147)
> msus.6600.org
> js001.3322.org (222.35.136.119)
>
> V/R,
> Matt Swaar
> US-CERT Analyst
>
> -----Original Message-----
> From: Swaar, Matthew
> Sent: Friday, February 20, 2009 3:40 AM
> To: nsp-security at puck.nether.net
> Subject: Adobe Reader 0day
>
> For those that haven't seen this yet:
>
> http://www.theregister.co.uk/2009/02/20/adobe_reader_exploit/
> http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
> http://www.adobe.com/support/security/advisories/apsa09-01.html
>
> I can confirm that there is active (targeted) exploitation taking place.
>
> V/R,
> Matt Swaar
> US-CERT Analyst
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
More information about the nsp-security
mailing list