[nsp-sec] Yahoo malware distribution

Jon Lewis jlewis at lewis.org
Wed Jul 20 10:10:25 EDT 2011 

http://alerts-federalresrve[dot]com/rejected_wire.pdf.exe

Domain Name.......... alerts-federalresrve.com
   Creation Date........ 2011-07-20
   Registration Date.... 2011-07-20
   Expiry Date.......... 2012-07-20
   Organisation Name.... Judy Ramirez
   Organisation Address. PO Box 61359
   Organisation Address.
   Organisation Address. Sunnyvale
   Organisation Address. 94088
   Organisation Address. CA
   Organisation Address. US

Admin Name........... Admin PrivateRegContact
   Admin Address........ PO Box 61359
   Admin Address........ registered post accepted only
   Admin Address........ Sunnyvale
   Admin Address........ 94088
   Admin Address........ CA
   Admin Address........ US
   Admin Email.......... contact at myprivateregistration.com
   Admin Phone.......... +1.5105952002
   Admin Fax............

Tech Name............ TECH PrivateRegContact
   Tech Address......... PO Box 61359
   Tech Address......... registered post accepted only
   Tech Address......... Sunnyvale
   Tech Address......... 94088
   Tech Address......... CA
   Tech Address......... US
   Tech Email........... contact at myprivateregistration.com
   Tech Phone........... +1.5105952002
   Tech Fax.............
   Name Server.......... yns2.yahoo.com
   Name Server.......... yns1.yahoo.com



Results brought to you by the GeekTools WHOIS Proxy v3.1.4
Server results may be copyrighted and are used with permission.
Your host (127.0.0.1) has visited 8221 times today.


[root at rt2 tmp]# dig alerts-federalresrve.com'
>
[root at rt2 tmp]# dig alerts-federalresrve.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> alerts-federalresrve.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23371
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;alerts-federalresrve.com.      IN      A

;; ANSWER SECTION:
alerts-federalresrve.com. 1200  IN      A       98.139.135.21
alerts-federalresrve.com. 1200  IN      A       98.139.135.22

;; AUTHORITY SECTION:
alerts-federalresrve.com. 86400 IN      NS      yns2.yahoo.com.
alerts-federalresrve.com. 86400 IN      NS      ns8.san.yahoo.com.
alerts-federalresrve.com. 86400 IN      NS      ns9.san.yahoo.com.
alerts-federalresrve.com. 86400 IN      NS      yns1.yahoo.com.

More information about the nsp-security mailing list