Sophos

Download Windows 7 security - A great leap forward or business as usual?

The main man

In Billy’s earlier post he mentioned that the malware Mal/EncPk-EQ could call home.

During the analysis of this malware we have seen several different domains used for this call home, with a slightly different URL path in the more recent ones.

From

/ctl/crcmds/main

to

/tdss/crcmds/main

Looking at the domains, there are a number of common points. The most common name is Yuriy Shestakov, a name familiar to those who have investigated Canadian Pharmacy spam and Anti-Virus Scareware.

Yuriy Shestakov is also the name of a Russian footballer (is he the spammer?). Is Yuriy the main man behind Mal/EncPk-EQ? Only time will tell.
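Because the call-home domains change while the URL path stays close to constant, the two paths quoted above can be matched in web proxy logs regardless of domain. The following is an added example, not Sophos code: the log format, the client addresses and the `.example` host names are constructed assumptions, and the case-insensitive, trailing-slash-tolerant match is a choice made for this sketch.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# The two call-home paths quoted in the post (older and more recent form).
CALL_HOME_PATHS = ("/ctl/crcmds/main", "/tdss/crcmds/main")

# Constructed sample proxy log (assumed format: time client method url status).
# Hosts use the reserved .example TLD; none of this is real traffic.
SAMPLE_LOG = """\
2000-01-01T09:14:02Z 10.0.4.17 GET http://c2-old.example/ctl/crcmds/main 200
2000-01-01T09:14:09Z 10.0.4.22 GET http://www.news.example/sport/main 200
2000-01-01T09:20:41Z 10.0.4.17 GET http://c2-new.example/tdss/crcmds/main?x=1 200
2000-01-01T09:21:00Z 10.0.7.5 POST http://c2-new.example/TDSS/crcmds/main/ 404
2000-01-01T09:22:13Z 10.0.4.22 GET http://docs.example/help/tdss/crcmds/main.html 200
truncated line
"""

def normalise_path(url):
    """Return the lower-cased URL path without query string or trailing slash."""
    path = urlsplit(url).path.lower()
    return path.rstrip("/") or "/"

def find_call_home(log_text):
    """Map each client address to the set of hosts it contacted on a call-home path."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed five-field format
        _, client, _, url, _ = fields
        # Exact path comparison avoids flagging pages that merely contain the string.
        if normalise_path(url) in CALL_HOME_PATHS:
            hits[client].add(urlsplit(url).hostname)
    return dict(hits)

def contacted_hosts(hits):
    """Sorted list of every host seen serving a call-home path (candidate block list)."""
    return sorted(set().union(*hits.values())) if hits else []

if __name__ == "__main__":
    found = find_call_home(SAMPLE_LOG)
    for client, hosts in sorted(found.items()):
        print(client, "->", ", ".join(sorted(hosts)))
    print("hosts to review:", contacted_hosts(found))
```

Grouping by client shows which machines need cleaning, while the host list surfaces call-home domains that were not already known.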

