[nsp-sec] ACK 4323 RE: compromised websites (ZeuS drive-by downloads)

[Gassen, Derek]

ACK 4323

.: Dirk Stander (Mon, Apr 27, 2009 at 06:02:07PM +0200)
> Please find attached a list of ~10.000 compromised websites that
showed up in the Referers.

ACK 8560 15418

I guess the FTP-credentials of those users are `in the wild', some
peeking into the FTP logs revealed frequent connections from
213.155.10.176 (at for example 20/Apr/2009:09:00:00 UTC).

    regards, Dirk Stander (1&1) :.

---


The content contained in this electronic message is not intended to constitute
formation of a contract binding tw telecom.  tw telecom will be contractually
bound only upon execution, by an authorized officer, of a contract including
agreed terms and conditions or by express application of its tariffs.  This message
is intended only for the use of the individual or entity to which it is addressed. If
the reader of this message is not the intended recipient, or the employee or agent
responsible for delivering the message to the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this message is strictly
prohibited. If you have received this communication in error, please notify us
immediately by replying to the sender of this E-Mail or by telephone.