[nsp-sec] Yahoo malware distribution
Jon Lewis
jlewis at lewis.org
Thu Jun 23 15:18:27 EDT 2011
On Thu, 23 Jun 2011, Joe St Sauver wrote:
> Jon mentioned:
>
> #Both received in spam this morning.
> #
> #http :// federalreserve-report.com / transaction-report.pdf.exe
> #http :// nacha-report.org / transaction-report.pdf.exe
> Additional information
> MD5 : ef3d45b93629d9b198a589f6e43b0a75
Whoever they are targeting, they're pretty damn persistent. I just got
another spam with the second of the above URLs in it, and the Yahoo
hostest web site is still serving up the malware...same md5sum as above.
Does Yahoo no longer have representation on nsp-sec?
nacha-report.org. 987 IN A 67.195.145.142
nacha-report.org. 987 IN A 67.195.145.141
I'm beginning to wonder how bad the collateral damage would be if we null
routed those /32s.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the nsp-security
mailing list