[nsp-sec] Yahoo malware distribution
Jon Lewis
jlewis at lewis.org
Thu Jun 23 11:03:59 EDT 2011
Both received in spam this morning.
http :// federalreserve-report.com / transaction-report.pdf.exe
http :// nacha-report.org / transaction-report.pdf.exe
I haven't analyzed the exe's but what else would they be?
;; ANSWER SECTION:
federalreserve-report.com. 1091 IN A 67.195.145.141
federalreserve-report.com. 1091 IN A 67.195.145.142
;; AUTHORITY SECTION:
federalreserve-report.com. 78241 IN NS yns1.yahoo.com.
federalreserve-report.com. 78241 IN NS yns2.yahoo.com.
federalreserve-report.com. 78241 IN NS ns8.san.yahoo.com.
federalreserve-report.com. 78241 IN NS ns9.san.yahoo.com.
;; ANSWER SECTION:
nacha-report.org. 1147 IN A 67.195.145.141
nacha-report.org. 1147 IN A 67.195.145.142
;; AUTHORITY SECTION:
nacha-report.org. 74932 IN NS yns2.yahoo.com.
nacha-report.org. 74932 IN NS ns8.san.yahoo.com.
nacha-report.org. 74932 IN NS yns1.yahoo.com.
nacha-report.org. 74932 IN NS ns9.san.yahoo.com.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the nsp-security
mailing list