[nsp-sec] Yahoo malware distribution

Igor Gashinsky igor at yahoo-inc.com
Wed Jul 20 13:11:30 EDT 2011


ack.. should be down shortly..

-igor

On Wed, 20 Jul 2011, Jon Lewis wrote:

:: ----------- nsp-security Confidential --------
:: 
:: http://alerts-federalresrve[dot]com/rejected_wire.pdf.exe
:: 
:: Domain Name.......... alerts-federalresrve.com
::    Creation Date........ 2011-07-20
::    Registration Date.... 2011-07-20
::    Expiry Date.......... 2012-07-20
::    Organisation Name.... Judy Ramirez
::    Organisation Address. PO Box 61359
::    Organisation Address.
::    Organisation Address. Sunnyvale
::    Organisation Address. 94088
::    Organisation Address. CA
::    Organisation Address. US
:: 
:: Admin Name........... Admin PrivateRegContact
::    Admin Address........ PO Box 61359
::    Admin Address........ registered post accepted only
::    Admin Address........ Sunnyvale
::    Admin Address........ 94088
::    Admin Address........ CA
::    Admin Address........ US
::    Admin Email.......... contact at myprivateregistration.com
::    Admin Phone.......... +1.5105952002
::    Admin Fax............
:: 
:: Tech Name............ TECH PrivateRegContact
::    Tech Address......... PO Box 61359
::    Tech Address......... registered post accepted only
::    Tech Address......... Sunnyvale
::    Tech Address......... 94088
::    Tech Address......... CA
::    Tech Address......... US
::    Tech Email........... contact at myprivateregistration.com
::    Tech Phone........... +1.5105952002
::    Tech Fax.............
::    Name Server.......... yns2.yahoo.com
::    Name Server.......... yns1.yahoo.com
:: 
:: 
:: 
:: Results brought to you by the GeekTools WHOIS Proxy v3.1.4
:: Server results may be copyrighted and are used with permission.
:: Your host (127.0.0.1) has visited 8221 times today.
:: 
:: 
:: [root at rt2 tmp]# dig alerts-federalresrve.com'
:: >
:: [root at rt2 tmp]# dig alerts-federalresrve.com
:: 
:: ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> alerts-federalresrve.com
:: ;; global options:  printcmd
:: ;; Got answer:
:: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23371
:: ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
:: 
:: ;; QUESTION SECTION:
:: ;alerts-federalresrve.com.      IN      A
:: 
:: ;; ANSWER SECTION:
:: alerts-federalresrve.com. 1200  IN      A       98.139.135.21
:: alerts-federalresrve.com. 1200  IN      A       98.139.135.22
:: 
:: ;; AUTHORITY SECTION:
:: alerts-federalresrve.com. 86400 IN      NS      yns2.yahoo.com.
:: alerts-federalresrve.com. 86400 IN      NS      ns8.san.yahoo.com.
:: alerts-federalresrve.com. 86400 IN      NS      ns9.san.yahoo.com.
:: alerts-federalresrve.com. 86400 IN      NS      yns1.yahoo.com.
:: 
:: 
:: 
:: _______________________________________________
:: nsp-security mailing list
:: nsp-security at puck.nether.net
:: https://puck.nether.net/mailman/listinfo/nsp-security
:: 
:: Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
:: community. Confidentiality is essential for effective Internet security counter-measures.
:: _______________________________________________
:: 

--------------------+----------------------+------------------
   Igor Gashinsky   | Network Architecture | Yahoo! Inc.
 igor at yahoo-inc.com |  cell 917.807.2213   | Do You... Yahoo?
--------------------+----------------------+------------------


