[nsp-sec] more Yahoo nacha/zeus malware distribution

Jon Lewis jlewis at lewis.org
Wed Jun 29 09:04:03 EDT 2011


http://p8.hostingprod.com/@nacha-reports[dot]us/transaction-report.pdf.exe

;; ANSWER SECTION:
nacha-reports.us.       1120    IN      A       67.195.145.142
nacha-reports.us.       1120    IN      A       67.195.145.141

Domain Name:                                 NACHA-REPORTS.US
Domain ID:                                   D33136025-US
Sponsoring Registrar:                        MELBOURNE IT LTD
Registrar URL (registration services):       whois.inww.com
Domain Status:                               clientTransferProhibited
Registrant ID:                               G130934370377333
Registrant Name:                             Heike Powell
Registrant Organization:                     nacha-reports
Registrant Address1:                         1719 Silverwood
Registrant City:                             Martinez
Registrant State/Province:                   CA
Registrant Postal Code:                      94553
Registrant Country:                          United States
Registrant Country Code:                     US
Registrant Phone Number:                     +1.8007478521
Registrant Email:                            fillopos at yahoo.com
Registrant Application Purpose:              P4
Registrant Nexus Category:                   C12
Administrative Contact ID:                   G130934370377331
Administrative Contact Name:                 Heike Powell
Administrative Contact Organization:         nacha-reports
Administrative Contact Address1:             1719 Silverwood
Administrative Contact City:                 Martinez
Administrative Contact State/Province:       CA
Administrative Contact Postal Code:          94553
Administrative Contact Country:              United States
Administrative Contact Country Code:         US
Administrative Contact Phone Number:         +1.8007478521
Administrative Contact Email:                fillopos at yahoo.com
Billing Contact ID:                          E130934384627929
Billing Contact Name:                        YahooDomains BillingContact
Billing Contact Organization:                Yahoo! Inc
Billing Contact Address1:                    701 First Ave.
Billing Contact City:                        Sunnyvale
Billing Contact State/Province:              CA
Billing Contact Postal Code:                 94089
Billing Contact Country:                     United States
Billing Contact Country Code:                US
Billing Contact Phone Number:                +1.4089162124
Billing Contact Email:                       domain.billing at yahoo-inc.com
Technical Contact ID:                        E130934384627931
Technical Contact Name:                      YahooDomains TechContact
Technical Contact Organization:              Yahoo! Inc
Technical Contact Address1:                  701 First Ave.
Technical Contact City:                      Sunnyvale
Technical Contact State/Province:            CA
Technical Contact Postal Code:               94089
Technical Contact Country:                   United States
Technical Contact Country Code:              US
Technical Contact Phone Number:              +1.4089162124
Technical Contact Email:                     domain.tech at yahoo-inc.com
Name Server:                                 YNS1.YAHOO.COM
Name Server:                                 YNS2.YAHOO.COM
Created by Registrar:                        MELBOURNE IT LTD
Last Updated by Registrar:                   MELBOURNE IT LTD
Domain Registration Date:                    Wed Jun 29 10:45:57 GMT 2011
Domain Expiration Date:                      Thu Jun 28 23:59:59 GMT 2012
Domain Last Updated Date:                    Wed Jun 29 10:45:59 GMT 2011

Interestingly, transaction-report.pdf.exe is exactly the same size it's 
been, but the md5sum has changed.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


