Last visit was: Fri Jul 04, 2014 9:23 pm
It is currently Fri Jul 04, 2014 9:23 pm

ZeuS/Eva Pharmacy overlap

Board index » Cybercrime » Malware

All times are UTC - 5 hours [ DST ]

 Page 1 of 1
  [ 1 post ] 
  Previous topic | Next topic 
Author Message
AlphaCentauri
 PostPosted: Sat Feb 05, 2011 10:21 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
The domains and nameserver hosted on 211.138.121.4 (China Mobile) are a mixture of nameservers for Eva Pharmacy domains and domains distributing the ZeuS trojan:
Code:
ns1.oldssite.com    A    211.138.121.4
ns2.plainssite.com    A    211.138.121.4
ns1.pharmacypillsshop.com    A    211.138.121.4
ns1.pharmacywellnesspills.com    A    211.138.121.4
ns2.sleepingpillsfitnesspills.com    A    211.138.121.4
ns2.prescriptionmedspharmacytablets.com    A    211.138.121.4
ns1.rxpressdrugdirect.com    A    211.138.121.4
poehali002.info    A    211.138.121.4
ns1.pillshealthrxdrugs.at    A    211.138.121.4
ns1.claytabletsdrugstore.net    A    211.138.121.4
ns1.yourhealthpills.net    A    211.138.121.4
ns1.pilldrugstorepharmacycareers.net    A    211.138.121.4
ns1.rxpillstablets.net    A    211.138.121.4
ns2.tabletpillsrx.net    A    211.138.121.4
ns1.professionalpharmacyrx.net    A    211.138.121.4
ns2.sleepingpillspharmacy.net    A    211.138.121.4
espmexusa.ru    A    211.138.121.4
www.espmexusa.ru    A    211.138.121.4
www.turkeyinworld.ru    A    211.138.121.4
ns1.medspillsdrugstore.ru    A    211.138.121.4
ns1.pharmacyrxdrugstore.ru    A    211.138.121.4
ns2.pilldrugstorerxprescription.ru    A    211.138.121.4
ns1.xzbyo.ru    A    211.138.121.4
www.tunisianowar.ru    A    211.138.121.4
ns1.zfocr.ru    A    211.138.121.4
ns1.pilltabletsmeds.ru    A    211.138.121.4
ns2.drugtorespecialtypharmacymeds.ru    A    211.138.121.4
ns1.prescriptiondrugtorepharmacypills.ru    A    211.138.121.4
ns1.pillspharmacydrugstorechains.ru    A    211.138.121.4
ns1.prescriptiondrugstoretablets.ru    A    211.138.121.4
ns1.prescriptiondrugstoremedstablets.ru    A    211.138.121.4
ns2.prescriptiondrugstoremedstablets.ru    A    211.138.121.4
ns1.lensrxtablets.ru    A    211.138.121.4
ns2.pillhealthmedsplus.ru    A    211.138.121.4
ns1.yoasu.ru    A    211.138.121.4
ns1.pillprescriptiondrugstorerx.ru    A    211.138.121.4
ns1.medspharmacytechrx.ru    A    211.138.121.4
ns1.medspharmacyexamrx.ru    A    211.138.121.4
ns1.lensrx.ru    A    211.138.121.4
ns1.pillgraphictabletsrx.ru    A    211.138.121.4
ns1.rxprescriptiondrugstorepharmacy.ru    A    211.138.121.4
ns2.sleepingpillstabletspharmacy.ru    A    211.138.121.4
www.airegyptbiz.ru    A    211.138.121.4


Examples:
https://zeustracker.abuse.ch/monitor.ph ... inworld.ru
turkeyinworld.ru/turkeysman.exe = ZeuS binary

http://whois.domaintools.com/ostanauge.com
ostanauge.com = CH&CM
nameservers:
NS2.PILLPHARMACYMEDSTECHNOLOGIES.COM (shut down)
NS1.ZFOCR.RU
Top
 Profile  
 Page 1 of 1
  [ 1 post ] 

Board index » Cybercrime » Malware

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: Wayback machine and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008