ZeuS/Eva Pharmacy overlap

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

ZeuS/Eva Pharmacy overlap

Postby AlphaCentauri » Sat Feb 05, 2011 10:21 pm

The domains and nameserver hosted on (China Mobile) are a mixture of nameservers for Eva Pharmacy domains and domains distributing the ZeuS trojan:
Code: Select all
ns1.oldssite.com    A
ns2.plainssite.com    A
ns1.pharmacypillsshop.com    A
ns1.pharmacywellnesspills.com    A
ns2.sleepingpillsfitnesspills.com    A
ns2.prescriptionmedspharmacytablets.com    A
ns1.rxpressdrugdirect.com    A
poehali002.info    A
ns1.pillshealthrxdrugs.at    A
ns1.claytabletsdrugstore.net    A
ns1.yourhealthpills.net    A
ns1.pilldrugstorepharmacycareers.net    A
ns1.rxpillstablets.net    A
ns2.tabletpillsrx.net    A
ns1.professionalpharmacyrx.net    A
ns2.sleepingpillspharmacy.net    A
espmexusa.ru    A
www.espmexusa.ru    A
www.turkeyinworld.ru    A
ns1.medspillsdrugstore.ru    A
ns1.pharmacyrxdrugstore.ru    A
ns2.pilldrugstorerxprescription.ru    A
ns1.xzbyo.ru    A
www.tunisianowar.ru    A
ns1.zfocr.ru    A
ns1.pilltabletsmeds.ru    A
ns2.drugtorespecialtypharmacymeds.ru    A
ns1.prescriptiondrugtorepharmacypills.ru    A
ns1.pillspharmacydrugstorechains.ru    A
ns1.prescriptiondrugstoretablets.ru    A
ns1.prescriptiondrugstoremedstablets.ru    A
ns2.prescriptiondrugstoremedstablets.ru    A
ns1.lensrxtablets.ru    A
ns2.pillhealthmedsplus.ru    A
ns1.yoasu.ru    A
ns1.pillprescriptiondrugstorerx.ru    A
ns1.medspharmacytechrx.ru    A
ns1.medspharmacyexamrx.ru    A
ns1.lensrx.ru    A
ns1.pillgraphictabletsrx.ru    A
ns1.rxprescriptiondrugstorepharmacy.ru    A
ns2.sleepingpillstabletspharmacy.ru    A
www.airegyptbiz.ru    A

https://zeustracker.abuse.ch/monitor.ph ... inworld.ru
turkeyinworld.ru/turkeysman.exe = ZeuS binary

ostanauge.com = CH&CM
User avatar
You are kiillllling-a my bizinisss!
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest