[nsp-sec] spyeye infected drones
Joel Rosenblatt
joel at columbia.edu
Thu Mar 17 15:59:49 EDT 2011
Hi,
I noticed that the DHL spam stopped hitting us on Feb 11, and the next day it was replaced with FedEx spam that contained a .zip file named FexEx notice.zip or FedEx.zip, with the content being a .exe file with the same name as the .zip.
I guess next week, it will be UPS.
Thanks,
Joel Rosenblatt
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
--On Thursday, March 17, 2011 3:18 PM +0100 Dirk Stander <dst+nsp-sec at glaskugel.org> wrote:
> ----------- nsp-security Confidential --------
>
> Hi Teams,
>
> please find attached a list of drones, which contacted one of the
> domains mentioned here:
> http://ddanchev.blogspot.com/2011/03/more-spamvertised-dhl-notifications.html
>
> The drones are using a unique User-Agent string, "Opera/10.80 Pesto/2.2.30"
>
> The format of the list is:
> ASN | IP | CC | date first seen
>
> kind regards, Dirk Stander (1&1 Internet AG) :.
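An added example, not part of the original thread and not code from either poster: a web or proxy log scan that matches the exact User-Agent string quoted above and emits rows in the "ASN | IP | CC | date first seen" layout. The log lines, the enrichment table and the timestamp format are constructed assumptions.

```python
import re
from datetime import datetime

DRONE_UA = "Opera/10.80 Pesto/2.2.30"  # exact string reported in the thread

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: documentation IP ranges, made-up requests.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Mar/2011:08:14:02 +0100] "GET /x HTTP/1.1" 200 12 "-" "Opera/10.80 Pesto/2.2.30"
198.51.100.7 - - [16/Mar/2011:09:01:44 +0100] "GET / HTTP/1.1" 200 5120 "-" "Opera/9.80 (Windows NT 5.1; U; en) Presto/2.7.62 Version/11.01"
192.0.2.10 - - [15/Mar/2011:23:50:31 +0100] "POST /x HTTP/1.1" 200 0 "-" "Opera/10.80 Pesto/2.2.30"
203.0.113.99 - - [17/Mar/2011:02:03:04 +0100] "GET /x HTTP/1.1" 404 0 "-" "Opera/10.80 Pesto/2.2.30"
this line is malformed and must be skipped
"""

# Hypothetical enrichment table (ASN, CC); real data would come from an IP-to-ASN lookup.
ENRICH = {"192.0.2.10": ("64496", "ZZ")}


def first_seen(log_text, ua=DRONE_UA):
    """Map each client IP that sent the exact drone User-Agent to its earliest hit."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("ua") != ua:  # exact match: genuine Opera says "Presto"
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        ip = m.group("ip")
        if ip not in seen or ts < seen[ip]:
            seen[ip] = ts
    return seen


def report(seen, enrich=ENRICH):
    """Render rows as 'ASN | IP | CC | date first seen', oldest first."""
    rows = []
    for ip, ts in sorted(seen.items(), key=lambda kv: kv[1]):
        asn, cc = enrich.get(ip, ("NA", "NA"))
        rows.append(f"{asn} | {ip} | {cc} | {ts:%Y-%m-%d %H:%M:%S %z}")
    return rows


if __name__ == "__main__":
    print("\n".join(report(first_seen(SAMPLE_LOG))))
```

Log lines are not guaranteed to be in time order, so the scan keeps the earliest timestamp per address instead of the first line it meets.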