[nsp-sec] Compromised ftp accounts
Nick Hilliard
nick at inex.ie
Tue Aug 25 07:33:57 EDT 2009
On 25/08/2009 11:52, Thomas Hungenberg wrote:
> The gzip'ed attachment did not make it to the list, so I'm sending the list
> again uncompressed.
Proxy ack for a bunch of the IE ASNs, one of whom notes:
"- There's probably a lot more than that
- As fast as we find them, more appear.
- Problem is that there's very little we can do. We disable the account,
tell customer why, they claim they're computer is clean and they would
*NEVER* leave their AV lapse.
- Reenable account, and a few minutes later, it's compromised again.
- I've blocked most of the old eastern block and almost all of china from
FTP access which has helped a bit."
Nick
More information about the nsp-security
mailing list