[nsp-sec] more yahoo zeus malware

Jon Lewis jlewis at lewis.org
Wed Jul 13 09:07:31 EDT 2011 

http://usbanking-security[dot]com/tax_report.pdf.exe

Domain Name.......... usbanking-security.com
   Creation Date........ 2011-07-13
   Registration Date.... 2011-07-13
   Expiry Date.......... 2012-07-13
   Organisation Name.... BOBBY II
   Organisation Address. PO Box 61359
   Organisation Address.
   Organisation Address. Sunnyvale
   Organisation Address. 94088
   Organisation Address. CA
   Organisation Address. US

Admin Name........... Admin PrivateRegContact
   Admin Address........ PO Box 61359
   Admin Address........ registered post accepted only
   Admin Address........ Sunnyvale
   Admin Address........ 94088
   Admin Address........ CA
   Admin Address........ US
   Admin Email.......... contact at myprivateregistration.com
   Admin Phone.......... +1.5105952002
   Admin Fax............

Tech Name............ TECH PrivateRegContact
   Tech Address......... PO Box 61359
   Tech Address......... registered post accepted only
   Tech Address......... Sunnyvale
   Tech Address......... 94088
   Tech Address......... CA
   Tech Address......... US
   Tech Email........... contact at myprivateregistration.com
   Tech Phone........... +1.5105952002
   Tech Fax.............
   Name Server.......... yns2.yahoo.com
   Name Server.......... yns1.yahoo.com

;; ANSWER SECTION:
usbanking-security.com. 1096    IN      A       98.139.135.21
usbanking-security.com. 1096    IN      A       98.139.135.22

;; AUTHORITY SECTION:
usbanking-security.com. 86296   IN      NS      yns1.yahoo.com.
usbanking-security.com. 86296   IN      NS      yns2.yahoo.com.
usbanking-security.com. 86296   IN      NS      ns8.san.yahoo.com.
usbanking-security.com. 86296   IN      NS      ns9.san.yahoo.com.

;; ADDITIONAL SECTION:
ns8.san.yahoo.com.      172752  IN      A       98.136.43.32
ns9.san.yahoo.com.      172752  IN      A       98.139.247.192

$ md5sum tax_report.pdf.exe
a56f7d43ed30fd4427edaa8776f26be8  tax_report.pdf.exe

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the nsp-security mailing list