[nsp-sec] Yahoo malware distribution
Jon Lewis
jlewis at lewis.org
Mon Jun 27 10:28:17 EDT 2011
On Fri, 24 Jun 2011, Igor Gashinsky wrote:

> ack.. they should be nuked shortly..

They've adapted. Today's version uses what I suppose is probably
relatively bulletproof hosting and a URL shortener.

http://shortn.me/i6pm ->
http://sdfgsjhtgbaadfg[dot]cz[dot]cc/index.php?tp=ac86c67972949c8d

Still something for you to nuke though:

[http://www.nic.cz.cc/whois.php]
Whois Lookup for: sdfgsjhtgbaadfg.cz.cc
Domainname: sdfgsjhtgbaadfg.cz.cc
Valid until: 2012-06-27 02:31:24
Created on: 2011-06-27 02:31:24
Registrant:
Organization:
Name: Vile Stren
Address: Buls 8
City: Nurenberg
Country: Germany
Postcode: 19283
*** Email: jsdkfterd at yahoo.com ***
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________