13 November 2008 15:33 GMT
The main man
In Billy’s earlier post he mentioned that the malware Mal/EncPk-EQ could call home.
During our analysis of this malware we have seen several different domains used for this call home, with a slightly different URL path in the more recent ones: from /ctl/crcmds/main to /tdss/crcmds/main.
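Because the domains kept changing while the URL path stayed almost constant, the path is the more useful thing to watch for in proxy logs. The following is an added example (not SophosLabs code) that scans Squid-style access log lines for the two paths quoted above and, on the assumption that future variants keep the trailing /crcmds/main, also flags that suffix under any first segment. The log lines and domains are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Call-home paths quoted in the post for Mal/EncPk-EQ.
CALLHOME_PATHS = {"/ctl/crcmds/main", "/tdss/crcmds/main"}
# Assumption: only the first path segment changes between variants, so the
# constant suffix is worth matching on its own (lower confidence than exact).
CALLHOME_SUFFIX = re.compile(r"/crcmds/main$")

# Squid native access.log: "<ts> <elapsed> <client> <code/status> <bytes> <method> <url> ..."
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def classify(url):
    """Return 'exact' for a known path, 'suffix' for the looser match, else None."""
    path = urlsplit(url).path          # drops scheme, host and any query string
    if path in CALLHOME_PATHS:
        return "exact"
    if CALLHOME_SUFFIX.search(path):
        return "suffix"
    return None

def find_callhome(lines):
    """Return (client, host, url, confidence) for each line that looks like a call home."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                   # not a parseable access-log line
        kind = classify(m.group("url"))
        if kind:
            hits.append((m.group("client"), urlsplit(m.group("url")).hostname,
                         m.group("url"), kind))
    return hits

# Constructed sample log; the .invalid domains are placeholders, not real indicators.
SAMPLE_LOG = """\
1226590000.123 45 10.0.0.12 TCP_MISS/200 512 GET http://callhome-a.invalid/ctl/crcmds/main - DIRECT/192.0.2.10 text/plain
1226590001.456 12 10.0.0.12 TCP_MISS/200 320 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1226590002.789 38 10.0.0.25 TCP_MISS/200 600 POST http://callhome-b.invalid/tdss/crcmds/main - DIRECT/192.0.2.30 text/plain
1226590003.000 20 10.0.0.31 TCP_MISS/200 410 GET http://callhome-c.invalid/new/crcmds/main?id=1 - DIRECT/192.0.2.40 text/plain
""".splitlines()

if __name__ == "__main__":
    for client, host, url, kind in find_callhome(SAMPLE_LOG):
        print(f"{kind:6} {client} -> {host} {url}")
```

Exact hits are worth an alert on their own; suffix hits are a hunting lead to review alongside the host's other traffic.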
Looking at the domain registrations, there are a number of common points. The most common name is Yuriy Shestakov, a name familiar to those who have investigated Canadian Pharmacy spam and anti-virus scareware.
Yuriy Shestakov is also the name of a Russian Footballer (is he the spammer?). Is Yuriy the main man behind Mal/EncPk-EQ? Only time will tell.
Pob, SophosLabs, UK
