[nsp-sec] More password stealers and drops - AS13301, AS24940, AS7738,

Matthew McGlashan matthew at auscert.org.au
Sun Mar 30 20:31:50 EDT 2008


G'day again Jose,

> On Fri, 28 Mar 2008, Matthew McGlashan wrote:
> 
> > How are you handling this data?  Need a hand processing it and 
> > disseminating to the rightful owners?
> 
> actually, i'm not attempting to pass it on to the account owners. i had 
> looked at it and thought, "in some cases there's enough to determine which 
> account owner to pass it along to", ie an email address.
> 
> what did you have in mind?

We've been doing quite a bit of compromised account details (usually from
trojans such as Bzub and nethell etc).  In general, we bundle up all the
accounts we can identify for a particular domain (eg paypal, ebay, ANZ
bank etc) and send that to the security contacts for that domain.  This
is done for multinational orgs we have specific contacts for and for all
Australian orgs.  Failing this rule we go by ccTLD and geoip and send to
the relevant CERT (eg for domains .fi and geoip to Finland all go to
CERT-FI etc).  

It is all done on a best-effort basis but we seem to have the process down
as best we can.

Happy to give it a go with your data if you like.  

Best regards,

-- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

> -------------------------------------------------------------
> jose nazario, ph.d.     <jose at arbor.net>
> security researcher, office of the CTO,  arbor networks
> v: (734) 821 1427 	      http://asert.arbornetworks.com/
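
The routing rule described in the message above, sketched as an added example that is not part of the original e-mail and is not AusCERT's own tooling. The contact table, the domain names in it, the record fields and the order in which ccTLD and geoip are tried are assumptions; only the CERT-FI mapping comes from the message.

```python
from collections import defaultdict

# Assumed routing tables; real contact lists are maintained privately.
DIRECT_DOMAINS = {"paypal.com", "ebay.com", "anz.com"}  # orgs with a specific contact
NATIONAL_CERTS = {"fi": "CERT-FI", "de": "CERT-Bund"}   # country code -> CERT

def route(host, geoip_cc):
    """Return (destination, bundle_domain) for one recovered account record."""
    host = host.lower().rstrip(".")
    # Rule 1a: orgs with a specific contact, matched on the host or a parent
    # domain ("notpaypal.com" must not match "paypal.com").
    for d in DIRECT_DOMAINS:
        if host == d or host.endswith("." + d):
            return ("security-contact:" + d, d)
    tld = host.rsplit(".", 1)[-1]
    # Rule 1b: all Australian orgs are contacted directly.
    if tld == "au":
        return ("security-contact:" + host, host)
    # Rule 2: fall back to ccTLD, then geoip country, and hand to that CERT.
    for cc in (tld, (geoip_cc or "").lower()):
        if cc in NATIONAL_CERTS:
            return (NATIONAL_CERTS[cc], host)
    return ("manual-review", host)  # best effort: nothing matched

def bundle(records):
    """Group account identifiers as destination -> domain -> sorted accounts."""
    out = defaultdict(lambda: defaultdict(set))
    for r in records:
        dest, dom = route(r["host"], r.get("geoip"))
        out[dest][dom].add(r["account"])  # the set drops duplicate sightings
    return {dest: {dom: sorted(accts) for dom, accts in doms.items()}
            for dest, doms in out.items()}

# Constructed sample records (no real accounts; credentials deliberately omitted).
SAMPLE = [
    {"host": "www.paypal.com", "geoip": "US", "account": "user1@example.org"},
    {"host": "paypal.com", "geoip": "DE", "account": "user2@example.org"},
    {"host": "paypal.com", "geoip": "DE", "account": "user2@example.org"},
    {"host": "webmail.example.fi", "geoip": "FI", "account": "user3"},
    {"host": "shop.example.com", "geoip": "FI", "account": "user4"},
    {"host": "bank.example.com.au", "geoip": "AU", "account": "user5"},
    {"host": "forum.example.net", "geoip": None, "account": "user6"},
]

if __name__ == "__main__":
    for dest, doms in sorted(bundle(SAMPLE).items()):
        print(dest, doms)
```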



