[nsp-sec] Yahoo malware distribution

Igor Gashinsky igor at yahoo-inc.com
Fri Jun 24 15:11:35 EDT 2011 

ack.. they should be nuked shortly..

-igor

On Thu, 23 Jun 2011, Jon Lewis wrote:

:: ----------- nsp-security Confidential --------
:: 
:: Both received in spam this morning.
:: 
:: http :// federalreserve-report.com / transaction-report.pdf.exe
:: http :// nacha-report.org / transaction-report.pdf.exe
:: 
:: I haven't analyzed the exe's but what else would they be?
:: 
:: ;; ANSWER SECTION:
:: federalreserve-report.com. 1091	IN	A	67.195.145.141
:: federalreserve-report.com. 1091	IN	A	67.195.145.142
:: 
:: ;; AUTHORITY SECTION:
:: federalreserve-report.com. 78241 IN	NS	yns1.yahoo.com.
:: federalreserve-report.com. 78241 IN	NS	yns2.yahoo.com.
:: federalreserve-report.com. 78241 IN	NS	ns8.san.yahoo.com.
:: federalreserve-report.com. 78241 IN	NS	ns9.san.yahoo.com.
:: 
:: ;; ANSWER SECTION:
:: nacha-report.org.	1147	IN	A	67.195.145.141
:: nacha-report.org.	1147	IN	A	67.195.145.142
:: 
:: ;; AUTHORITY SECTION:
:: nacha-report.org.	74932	IN	NS	yns2.yahoo.com.
:: nacha-report.org.	74932	IN	NS	ns8.san.yahoo.com.
:: nacha-report.org.	74932	IN	NS	yns1.yahoo.com.
:: nacha-report.org.	74932	IN	NS	ns9.san.yahoo.com.
:: 
:: 
:: 
:: ----------------------------------------------------------------------
::   Jon Lewis, MCP :)           |  I route
::   Senior Network Engineer     |  therefore you are
::   Atlantic Net                |
:: _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
:: 
:: 
:: _______________________________________________
:: nsp-security mailing list
:: nsp-security at puck.nether.net
:: https://puck.nether.net/mailman/listinfo/nsp-security
:: 
:: Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
:: community. Confidentiality is essential for effective Internet security counter-measures.
:: _______________________________________________
:: 

--------------------+----------------------+------------------
   Igor Gashinsky   | Network Architecture | Yahoo! Inc.
 igor at yahoo-inc.com |  cell 917.807.2213   | Do You... Yahoo?
--------------------+----------------------+------------------

More information about the nsp-security mailing list