[nsp-sec] Pinch C&C with compromised FTP accounts (5000+)
Chris Morrow
morrowc at ops-netman.net
Fri Jun 6 12:52:24 EDT 2008
On Fri, 6 Jun 2008, Dave Woutersen (GOVCERT.NL) wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> The following URL leads to a list of compromised FTP-accounts.
>
> http://87.118.110.78/pinch/ftp.txt
>
> Ive contacted CERT-Bund for this but other might find it interesting to
> check (for as long as it is available) and see if any of there users are
> compromised.
grep for things like:
bank
medical
interesting... some of the compromised sites look like staging grounds for
bad things though:
ftp://adult-dating:Cb0Jwj92@nasty-pages.com
has some spam-generating php code on it... along with some testing code
for perlmodules and such, perhaps that's data uploaded by the aggregators
of the ftp logins :)
-Chris
More information about the nsp-security
mailing list