[nsp-sec] more yahoo zeus malware

Igor Gashinsky igor at yahoo-inc.com
Wed Jul 13 15:10:24 EDT 2011 

ack to both..

On Wed, 13 Jul 2011, Jon Lewis wrote:

:: ----------- nsp-security Confidential --------
:: 
:: http://federalsecuritygov[dot]com/banking_security_update.exe
:: 
:: $ md5sum banking_security_update.exe
:: a56f7d43ed30fd4427edaa8776f26be8  banking_security_update.exe
:: 
:: Domain Name.......... federalsecuritygov.com
::    Creation Date........ 2011-07-13
::    Registration Date.... 2011-07-13
::    Expiry Date.......... 2012-07-13
::    Organisation Name.... Mike Hidy
::    Organisation Address. PO Box 61359
::    Organisation Address.
::    Organisation Address. Sunnyvale
::    Organisation Address. 94088
::    Organisation Address. CA
::    Organisation Address. US
:: 
:: Admin Name........... Admin PrivateRegContact
::    Admin Address........ PO Box 61359
::    Admin Address........ registered post accepted only
::    Admin Address........ Sunnyvale
::    Admin Address........ 94088
::    Admin Address........ CA
::    Admin Address........ US
::    Admin Email.......... contact at myprivateregistration.com
::    Admin Phone.......... +1.5105952002
::    Admin Fax............
:: 
:: Tech Name............ TECH PrivateRegContact
::    Tech Address......... PO Box 61359
::    Tech Address......... registered post accepted only
::    Tech Address......... Sunnyvale
::    Tech Address......... 94088
::    Tech Address......... CA
::    Tech Address......... US
::    Tech Email........... contact at myprivateregistration.com
::    Tech Phone........... +1.5105952002
::    Tech Fax.............
::    Name Server.......... yns1.yahoo.com
::    Name Server.......... yns2.yahoo.com
:: 
:: ;; ANSWER SECTION:
:: federalsecuritygov.com. 1075    IN      A       98.139.135.21
:: federalsecuritygov.com. 1075    IN      A       98.139.135.22
:: 
:: ;; AUTHORITY SECTION:
:: federalsecuritygov.com. 86275   IN      NS      yns2.yahoo.com.
:: federalsecuritygov.com. 86275   IN      NS      ns8.san.yahoo.com.
:: federalsecuritygov.com. 86275   IN      NS      ns9.san.yahoo.com.
:: federalsecuritygov.com. 86275   IN      NS      yns1.yahoo.com.
:: 
:: ----------------------------------------------------------------------
::   Jon Lewis, MCP :)           |  I route
::   Senior Network Engineer     |  therefore you are
::   Atlantic Net                |
:: _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
:: 
:: 
:: _______________________________________________
:: nsp-security mailing list
:: nsp-security at puck.nether.net
:: https://puck.nether.net/mailman/listinfo/nsp-security
:: 
:: Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
:: community. Confidentiality is essential for effective Internet security counter-measures.
:: _______________________________________________
:: 

--------------------+----------------------+------------------
   Igor Gashinsky   | Network Architecture | Yahoo! Inc.
 igor at yahoo-inc.com |  cell 917.807.2213   | Do You... Yahoo?
--------------------+----------------------+------------------

More information about the nsp-security mailing list