[nsp-sec] NACK 7992 RE: 6k probably compromised FTP accounts

Krista Hickey Krista.Hickey at cogeco.com
Fri Apr 4 13:39:54 EDT 2008 

>Tom Fischer wrote:
>
>Hi,
>
>attached (the second part of) a list of probably compromised 
>FTP accounts. The data is based on an iframer toolkit 
>(a toolkit which uses stolen FTP credentials to add 
>iframes/JavaScript/...).
>
>I've removed the ftp passwords for obvious reasons.
>The data is not verified.

Our sole entry in both the previous list and this list is actually our
corporate webserver, I spoke with the IT security guy responsible for
the webserver this morning and he's investigated and there are no FTP
services running on this machine nor have their been since he can
remember. He's going to take a look at his logs and get the webteam to
review any iframe references in their pages but given the lack of FTP
services running and the fact that the logins don't ring any bells for
anyone I'd have to guess this is either very old list (ie: maybe that IP
was used for a box that had FTP 5+ years ago) or bogus, has anyone else
represented on the list been able to confirm there's an issue?

Thanks
Krista
7992 
 
Do you really need to print this email? Help preserve our environment! Devez-vous vraiment imprimer ce courriel? Pensons a l'environnement!
__________________________________________________________
 
The information in this message, including in all attachments, is confidential or privileged. In the event you have received this message in error and are not the intended recipient, you are hereby advised that any use, copying or reproduction of this document is strictly forbidden. Please notify immediately the sender of this error and destroy this message, including its attachments, as the case may be.
 
L'information apparaissant dans ce message electronique et dans les documents qui y sont joints est de nature confidentielle ou privilegiee. Si ce message vous est parvenu par erreur et que vous n'en etes pas le destinataire vise, vous etes par les presentes avise que toute utilisation, copie ou distribution de ce message est strictement interdite. Vous etes donc prie d'en informer immediatement l'expediteur et de detruire ce message, ainsi que les documents qui y sont joints, le cas echeant.

__________________________________________________________

More information about the nsp-security mailing list