[nsp-sec] Peter may have chased the "mailbox settings" folks off Google
Yonglin ZHOU
yonglin.zhou at gmail.com
Wed May 12 21:42:50 EDT 2010
Bill,
I found the domain was created just yesterday (May 12). And when I
visited the page, I got a 'Canadian pharmacy' page.
Did you find any more info to prove that saidmeek.com is used in a
malware incident? We need such info to support our action to take
down the domain.
Yonglin.
CNCERT
On Thu, May 13, 2010 at 12:24 AM, Bill Owens <owens at nysernet.org> wrote:
> ----------- nsp-security Confidential --------
>
> But they didn't go to AOL ;) The latest one in my inbox:
>
> Received: from TGBGIMIZFS (unknown [41.252.37.98])
> by adelie.nysernet.org (Postfix) with ESMTP id 6ACA6590050 for
> <bill-tapr at owensfamily.org>; Wed, 12 May 2010 11:17:54 -0400 (EDT)
> Date: Wed, 12 May 2010 17:17:21 +0200
> From: "owensfamily.org support" <bill-tapr at owensfamily.org>
> Subject: setting for your mailbox bill-tapr at owensfamily.org are changed
>
> SMTP and POP3 servers for bill-tapr at owensfamily.org mailbox are changed.
> Please carefully read the attached instructions before updating settings.
>
> http://saidmeek.com/
>
> - - -
>
> Fresh domain name:
>
> Domain Name.......... saidmeek.com
> Creation Date........ 2010-05-12 14:24:49
> Registration Date.... 2010-05-12 14:24:49
> Expiry Date.......... 2011-05-12 14:24:49
> Organisation Name.... zhao jianghua
> Organisation Address. lianyungangnanlu57
> Organisation Address.
> Organisation Address. lianyungang
> Organisation Address. 222019
> Organisation Address. JS
> Organisation Address. CN
>
> Name Server.......... ns1.safebought.com
> Name Server.......... ns4.bottomlog.com
> Name Server.......... ns3.bottomlog.com
> Name Server.......... ns6.1g5.ru
>
> Resolves to 122.141.64.135, which is
>
> AS | IP | AS Name
> 4837 | 122.141.64.135 | CHINA169-BACKBONE CNCGROUP China169 Backbone
>
> Bill.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
--
----------------- Enjoy the life --------------------
Yonglin ZHOU
Fix line: + 86 10 8299 0355 Fax: +86 10 8299 0399
Email: zyl at cert.org.cn, yonglin.zhou at gmail.com
-------------------------------------------------------------------------