
Wednesday, January 13, 2010

CVE-2009-4324 PDF shit , dpc-shodanscan.py by 5ynl0rd + Trojan Pr0n SMS'ers and Haiti earthquake related domains being parked.

The widespread exploitation of CVE-2009-4324 is no news at this point. Malicious PDFs exploiting Adobe Reader are still running rampant. This post will serve as a resource for research and study of this and other Adobe Reader vulnerabilities. I will keep adding to it instead of creating new posts.

Official Adobe Bulletin

http://isc.sans.org/diary.html?storyid=7867 <-- excellent analysis
http://isc.sans.org/diary.html?storyid=7903 <-- more++

http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html

PDF toolz including pdf-parser. This guy's site has a lot of great information about PDF in general. A must visit on this subject!
***http://blog.didierstevens.com/programs/pdf-tools/***
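For anyone collecting samples, here is a small triage scanner in the spirit of pdfid/pdf-parser. It is an added example, not code from the original post and not part of Didier Stevens' tools. It walks every object in a PDF, resolves #xx escapes in names (so /J#61vaScript is seen as /JavaScript), decodes hex strings, inflates FlateDecode streams, and flags files that both run script on open (/OpenAction or /AA) and reference media.newPlayer, the API the CVE-2009-4324 exploits call. The sample PDF built inside the block is constructed for the example and is not an exploit; the dictionary names and marker strings are the ones I would check, chosen for this example.

```python
import re
import zlib

# Dictionary names that get script or actions executed on open / on an event.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                    b"/Launch", b"/EmbeddedFile", b"/RichMedia")

# Strings seen in the public CVE-2009-4324 exploits; "newPlayer" is the vulnerable call.
# (Marker set chosen for this example; real samples obfuscate at the JS level too.)
EXPLOIT_MARKERS = (b"newPlayer", b"util.printd", b'unescape("%u')

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
OBJECT_RE = re.compile(rb"\bobj\b(.*?)\bendobj\b", re.DOTALL)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)
HEXSTRING_RE = re.compile(rb"<([0-9A-Fa-f\s]+)>")


def decode_names(dict_part):
    """Resolve #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), dict_part)


def decode_hex_strings(dict_part):
    """Return the decoded bodies of PDF hex strings (<6E65...>) in a dictionary."""
    out = []
    for m in HEXSTRING_RE.finditer(dict_part):
        h = re.sub(rb"\s", b"", m.group(1))
        if len(h) % 2:            # PDF spec: a trailing odd digit is padded with 0
            h += b"0"
        out.append(bytes.fromhex(h.decode("ascii")))
    return out


def scan_pdf(data):
    """Walk every object, normalise names, inflate FlateDecode streams and
    report which suspicious names and exploit markers are present."""
    report = {"names": set(), "markers": set(), "objects": 0}
    for m in OBJECT_RE.finditer(data):
        report["objects"] += 1
        obj = m.group(1)
        s = STREAM_RE.search(obj)
        dict_part = decode_names(obj[:s.start()] if s else obj)
        for name in SUSPICIOUS_NAMES:
            # a name ends at the first delimiter; keeps /JS from matching /JScript
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", dict_part):
                report["names"].add(name.decode())
        bodies = [dict_part] + decode_hex_strings(dict_part)
        if s:
            body = s.group(1)
            if b"/FlateDecode" in dict_part:
                try:
                    body = zlib.decompress(body)
                except zlib.error:
                    pass  # truncated or corrupt stream: still scan the raw bytes
            bodies.append(body)
        for body in bodies:
            for marker in EXPLOIT_MARKERS:
                if marker in body:
                    report["markers"].add(marker.decode())
    return report


def verdict(report):
    """Flag a file when it can run script on open AND references the vulnerable API."""
    auto_exec = {"/OpenAction", "/AA"} & report["names"]
    has_js = {"/JavaScript", "/JS"} & report["names"]
    if auto_exec and has_js and "newPlayer" in report["markers"]:
        return "likely CVE-2009-4324 exploit attempt"
    if has_js:
        return "contains JavaScript: review manually"
    return "no script indicators"


def build_sample_pdf():
    """Constructed sample (not a real exploit): the catalog's /OpenAction points to a
    JavaScript action whose /S name is hex-escaped and whose script sits in a
    FlateDecode stream, two cheap tricks used to dodge naive string matching."""
    js = b"var p = this.media.newPlayer(null); util.printd('12345678', new Date());"
    packed = zlib.compress(js)
    header = (b"%PDF-1.4\n"
              b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
              b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
              b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
              b"4 0 obj\n<< /Length " + str(len(packed)).encode()
              + b" /Filter /FlateDecode >>\nstream\n")
    return header + packed + b"\nendstream\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    r = scan_pdf(build_sample_pdf())
    print(sorted(r["names"]), sorted(r["markers"]), verdict(r))
```

This is a triage aid, not a detector: string concatenation inside the JavaScript ("new"+"Player"), eval'd payloads or object streams will slip past it, and at that point you want pdf-parser plus a JS interpreter to unwrap the script. On the defensive side, disabling JavaScript in Reader, as Adobe's advisory recommended, is what actually stops this exploit.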

Mitigation and prevention of CVE-2009-4324 Adobe Acrobat reader Vuln


http://feliam.wordpress.com/2010/01/13/generic-pdf-exploit-hider-embedpdf-py-and-goodbye-av-detection-012010/ <-- good shit
Old news about the payload


Brad Arkin on Adobe Reader 0day and the Response from Adobe's security team.


MetaSploit database.
http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb

and... Google hax0rz target src code of more than 30 companies
Adobe's post about the subject

Reader Update ship schedule.

Old post about exploiting PDFs without being opened.


And without further ado, here is some Python code that uses Shodan to search for specific network services. Great idea and work, 5ynl0rd.

!!! dpc-shodanscan.py !!!

In other news, many domains related to the Haiti earthquake are already being parked. Why? Most likely malware related.

Trojan pr0n dialers make a "cumback" h0h0h0. Built on the Java 2 Micro Edition (J2ME) platform, these malicious apps send premium-rate SMS messages to adult numbers without the user's knowledge. Old concept, new warez.
