[nsp-sec] Pinch C&C with compromised FTP accounts (5000+)
Chris Morrow
morrowc at ops-netman.net
Fri Jun 6 17:08:16 EDT 2008
On Fri, 6 Jun 2008, David Freedman wrote:
>
> Does anybody have a copy of this? It is no longer available.
http://docs.as701.net/tmp/ftp.txt
>
> Dav.e
>
> ------------------------------------------------
> David Freedman
> Group Network Engineering
> Claranet Limited
> http://www.clara.net
>
>
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net on behalf of Chris Morrow
> Sent: Fri 6/6/2008 17:52
> To: Dave Woutersen (GOVCERT.NL)
> Cc: E-mail Nsp-Security
> Subject: Re: [nsp-sec] Pinch C&C with compromised FTP accounts (5000+)
>
> ----------- nsp-security Confidential --------
>
>
>
> On Fri, 6 Jun 2008, Dave Woutersen (GOVCERT.NL) wrote:
>
>> ----------- nsp-security Confidential --------
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi all,
>>
>> The following URL leads to a list of compromised FTP-accounts.
>>
>> http://87.118.110.78/pinch/ftp.txt
>>
>> Ive contacted CERT-Bund for this but other might find it interesting to
>> check (for as long as it is available) and see if any of there users are
>> compromised.
>
> grep for things like:
>
> bank
> medical
>
> interesting... some of the compromised sites look like staging grounds for
> bad things though:
>
> ftp://adult-dating:Cb0Jwj92@nasty-pages.com
>
> has some spam-generating php code on it... along with some testing code
> for perlmodules and such, perhaps that's data uploaded by the aggregators
> of the ftp logins :)
>
> -Chris
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
>
More information about the nsp-security
mailing list