[nsp-sec] Attn Amazon.com (AS14618) - Rimecud URL hosted

Dave Burke dave at amazon.com
Mon Jan 17 09:23:31 EST 2011



ACK 14618 - Sanitized & passed to EC2 abuse team.

thanks!

On 17/01/2011 06:02, Carol Overes wrote:
> ----------- nsp-security Confidential --------
> 
> All,
> 
> The following URL hosts a Rimecud/Yimfoca binary:
> 
> hxxp://icanhaz.com/images7712?=
> 
> AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
> 14618   | 204.236.232.122  | 204.236.224.0/19    | US | arin     | 2009-07-07 | AMAZON-AES - Amazon.com, Inc.
> 
> The hosted binary changes frequently. Latest seen MD5:
> 
> Detection rate for 119e88656164a6e1307f3b49493402ab (represents
> detection rate of the other MD5's):
> http://www.virustotal.com/file-scan/report.html?id=6dd7473430a3ead3296f5394818215e92a5f92891db4763834336aefef8a91ca-1295271174
> 
> The malware is spread via instant messengers.
> 
> Kind regards,
> Carol Overes
> 
> 
>  
> Carol Overes
> Incident Handling and Threat Analyst
> Technology
> 
> Emirates Integrated Telecommunications Company, PJSC
> P.O. Box 502666, Dubai, U.A.E.
> 
> Mobile +971558486469
> 
> http://www.du.ae/
> 


