[nsp-sec] more Yahoo nacha/zeus malware distribution

Igor Gashinsky igor at yahoo-inc.com
Wed Jun 29 18:08:04 EDT 2011


Ack..

-igor

On Wed, 29 Jun 2011, Jon Lewis wrote:

:: ----------- nsp-security Confidential --------
:: 
:: http://p8.hostingprod.com/@nacha-reports[dot]us/transaction-report.pdf.exe
:: 
:: ;; ANSWER SECTION:
:: nacha-reports.us.       1120    IN      A       67.195.145.142
:: nacha-reports.us.       1120    IN      A       67.195.145.141
:: 
:: Domain Name:                                 NACHA-REPORTS.US
:: Domain ID:                                   D33136025-US
:: Sponsoring Registrar:                        MELBOURNE IT LTD
:: Registrar URL (registration services):       whois.inww.com
:: Domain Status:                               clientTransferProhibited
:: Registrant ID:                               G130934370377333
:: Registrant Name:                             Heike Powell
:: Registrant Organization:                     nacha-reports
:: Registrant Address1:                         1719 Silverwood
:: Registrant City:                             Martinez
:: Registrant State/Province:                   CA
:: Registrant Postal Code:                      94553
:: Registrant Country:                          United States
:: Registrant Country Code:                     US
:: Registrant Phone Number:                     +1.8007478521
:: Registrant Email:                            fillopos at yahoo.com
:: Registrant Application Purpose:              P4
:: Registrant Nexus Category:                   C12
:: Administrative Contact ID:                   G130934370377331
:: Administrative Contact Name:                 Heike Powell
:: Administrative Contact Organization:         nacha-reports
:: Administrative Contact Address1:             1719 Silverwood
:: Administrative Contact City:                 Martinez
:: Administrative Contact State/Province:       CA
:: Administrative Contact Postal Code:          94553
:: Administrative Contact Country:              United States
:: Administrative Contact Country Code:         US
:: Administrative Contact Phone Number:         +1.8007478521
:: Administrative Contact Email:                fillopos at yahoo.com
:: Billing Contact ID:                          E130934384627929
:: Billing Contact Name:                        YahooDomains BillingContact
:: Billing Contact Organization:                Yahoo! Inc
:: Billing Contact Address1:                    701 First Ave.
:: Billing Contact City:                        Sunnyvale
:: Billing Contact State/Province:              CA
:: Billing Contact Postal Code:                 94089
:: Billing Contact Country:                     United States
:: Billing Contact Country Code:                US
:: Billing Contact Phone Number:                +1.4089162124
:: Billing Contact Email:                       domain.billing at yahoo-inc.com
:: Technical Contact ID:                        E130934384627931
:: Technical Contact Name:                      YahooDomains TechContact
:: Technical Contact Organization:              Yahoo! Inc
:: Technical Contact Address1:                  701 First Ave.
:: Technical Contact City:                      Sunnyvale
:: Technical Contact State/Province:            CA
:: Technical Contact Postal Code:               94089
:: Technical Contact Country:                   United States
:: Technical Contact Country Code:              US
:: Technical Contact Phone Number:              +1.4089162124
:: Technical Contact Email:                     domain.tech at yahoo-inc.com
:: Name Server:                                 YNS1.YAHOO.COM
:: Name Server:                                 YNS2.YAHOO.COM
:: Created by Registrar:                        MELBOURNE IT LTD
:: Last Updated by Registrar:                   MELBOURNE IT LTD
:: Domain Registration Date:                    Wed Jun 29 10:45:57 GMT 2011
:: Domain Expiration Date:                      Thu Jun 28 23:59:59 GMT 2012
:: Domain Last Updated Date:                    Wed Jun 29 10:45:59 GMT 2011
:: 
:: Interestingly, transaction-report.pdf.exe is exactly the same size it's 
:: been, but the md5sum has changed.
:: 
:: ----------------------------------------------------------------------
::   Jon Lewis, MCP :)           |  I route
::   Senior Network Engineer     |  therefore you are
::   Atlantic Net                |
:: _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
:: 
:: 
:: 

--------------------+----------------------+------------------
   Igor Gashinsky   | Network Architecture | Yahoo! Inc.
 igor at yahoo-inc.com |  cell 917.807.2213   | Do You... Yahoo?
--------------------+----------------------+------------------


