Wednesday, January 27, 2010

Minipost: VISA Zeus

This is not the first time we've seen a Zeus dropper acting like a VISA phish . . . recently we've had the December 21st VISA and December 12th VISA campaigns. The emails are the same as the previous campaigns.

We've seen these 53 domain names so far today in the UAB Spam Data Mine:

They are used in an assortment of hostnames, including:

as well as a variety of patterns with random numbers in the middle, such as:

As usual, these are "Fast Flux" hosted, meaning that, for example, all of these IP addresses have been seen to resolve the domains today . . .

(More complete list of machines:

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.