The main man

In Billy’s post earlier he mentioned that the malware Mal/EncPk-EQ could call home.

During the analysis of this malware we have seen several different domains used for this call home, with a slightly different URL path in the more recent ones.

From

/ctl/crcmds/main

to

/tdss/crcmds/main
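Because the host names kept changing while the path only moved from /ctl/crcmds/main to /tdss/crcmds/main, the path is the stable thing for a defender to key on. As an added illustration (not part of the original post), this Python check flags both path variants in a constructed proxy access log and groups the internal clients per contacted host; the host names and client addresses are placeholders.

```python
import re
from collections import defaultdict

# Both call-home paths seen for Mal/EncPk-EQ; a trailing query string or
# sub-path is tolerated so a small variation does not evade the check.
CALLHOME_PATH = re.compile(r"^/(?:ctl|tdss)/crcmds/main(?:[?/].*)?$")

# Proxy access log in Common Log Format with an absolute URL in the request line.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
URL = re.compile(r"^https?://(?P<host>[^/:]+)(?::\d+)?(?P<path>/[^ ]*)?$")


def parse_line(line):
    """Return (client, host, path) for a CLF proxy line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    u = URL.match(m.group("url"))
    if not u:  # e.g. CONNECT host:port lines carry no URL path
        return None
    return m.group("client"), u.group("host").lower(), u.group("path") or "/"


def find_callhome(lines):
    """Map each host contacted on a call-home path to the sorted list of clients that did so."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, host, path = parsed
        if CALLHOME_PATH.match(path):
            hits[host].add(client)
    return {host: sorted(clients) for host, clients in hits.items()}


# Constructed sample log: .invalid hosts and RFC 1918 clients, not real indicators.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2010:13:55:36 +0000] "GET http://c2-old.invalid/ctl/crcmds/main HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Mar/2010:13:56:01 +0000] "GET http://c2-new.invalid/tdss/crcmds/main HTTP/1.1" 200 498',
    '10.0.0.5 - - [10/Mar/2010:13:57:12 +0000] "GET http://c2-new.invalid/tdss/crcmds/main?id=1 HTTP/1.1" 200 498',
    '10.0.0.7 - - [10/Mar/2010:13:58:40 +0000] "GET http://www.example.com/ctl/other HTTP/1.1" 200 2048',
    '10.0.0.7 - - [10/Mar/2010:13:59:02 +0000] "CONNECT mail.example.com:443 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for host, clients in find_callhome(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(clients)}")
```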

(Image: Footballer)

Looking at the domains there are a number of common points. The most common name is Yuriy Shestakov, a name familiar to those who have investigated Canadian Pharmacy spam and anti-virus scareware.

Yuriy Shestakov is also the name of a Russian footballer (is he the spammer?). Is Yuriy the main man behind Mal/EncPk-EQ? Only time will tell.