[nsp-sec] Pinch C&C with compromised FTP accounts (5000+)
David Freedman
david.freedman at uk.clara.net
Fri Jun 6 16:56:42 EDT 2008
Does anybody have a copy of this? It is no longer available.
Dav.e
------------------------------------------------
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----Original Message-----
From: nsp-security-bounces at puck.nether.net on behalf of Chris Morrow
Sent: Fri 6/6/2008 17:52
To: Dave Woutersen (GOVCERT.NL)
Cc: E-mail Nsp-Security
Subject: Re: [nsp-sec] Pinch C&C with compromised FTP accounts (5000+)
----------- nsp-security Confidential --------
On Fri, 6 Jun 2008, Dave Woutersen (GOVCERT.NL) wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> The following URL leads to a list of compromised FTP-accounts.
>
> http://87.118.110.78/pinch/ftp.txt
>
> Ive contacted CERT-Bund for this but other might find it interesting to
> check (for as long as it is available) and see if any of there users are
> compromised.
grep for things like:
bank
medical
interesting... some of the compromised sites look like staging grounds for
bad things though:
ftp://adult-dating:Cb0Jwj92@nasty-pages.com
has some spam-generating php code on it... along with some testing code
for perlmodules and such, perhaps that's data uploaded by the aggregators
of the ftp logins :)
-Chris
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list