[nsp-sec] Compromised ftp accounts

Gabriel Iovino giovino at ren-isac.net
Mon Jun 15 09:03:45 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Hungenberg wrote:
> Hi,
> 
> I received a list of 4025 ftp login credentials found on a compromised server.
> 
> Please find attached the list along with ASN/IP info (passwords changed to ********).

Sanitized notifications have been sent to the following:

> 59      | 128.104.70.79    | US | ftp://uwchem:********@nmrsnap.chem.wisc.edu | WISC-MADISON-AS - University of Wisconsin Madison
> 81      | 152.46.7.80      | US | ftp://ftp:********@ftp.ibiblio.org | NCREN - MCNC
> 1970    | 165.95.13.24     | US | ftp://updatesis:********@atcftp.tamucc.edu | TAMUS-NET - Texas A&M University
> 2572    | 207.160.23.247   | US | ftp://.eedwards.students.culver:********@ftp.culver.edu | MORENET - Missouri Research and Education Network (MOREnet)
> 2914    | 161.58.27.84     | US | ftp://bill:********@acupuncture.edu | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
> 2914    | 161.58.27.84     | US | ftp://bill:********@www.acupuncture.edu | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
> 4511    | 129.171.33.84    | US | ftp://zha:********@apollo.eng.miami.edu | MIAMI-EDU - University of Miami
> 6389    | 192.251.101.193  | US | ftp://msu-ksydboten:********@www.students.mcneese.edu | BELLSOUTH-NET-BLK - BellSouth.net Inc.
> 12173   | 130.160.47.127   | US | ftp://aldotftp:********@care.cs.ua.edu | UA - The University of Alabama
> 13327   | 157.89.36.201    | US | ftp://tasha_ferron:********@studentsrv.student.eku.edu | EKU - Eastern Kentucky University
> 13371   | 152.3.160.3      | US | ftp://ferna02c:********@home.fuqua.duke.edu | DUKE-INTERCHANGE - Duke University
> 13385   | 204.153.79.3     | US | ftp://mpearc11:********@student.ccbcmd.edu | COMCAST-TELECOMM - Comcast Telecommunications, Inc.
> 14710   | 66.37.229.222    | US | ftp://portfolio116:********@academic1.bellevue.edu | ASN-CXA-OM-14710-CBS - Cox Communications Omaha, L.L.C.
> 20452   | 147.226.21.114   | US | ftp://tafrohberg:********@tafrohberg.iweb.bsu.edu | BSU - BALL STATE UNIVERSITY
> 22742   | 137.99.15.69     | US | ftp://mtt02001:********@fester.engr.uconn.edu | CT-ED-NET - State of Connecticut Dept of InformationTechnology
> 25776   | 129.15.10.24     | US | ftp://ece4113:********@ouwww.ou.edu | UNIV-OF-OKLAHOMA - University of Oklahoma
> 25776   | 129.15.10.24     | US | ftp://ece5173:********@ouwww.ou.edu | UNIV-OF-OKLAHOMA - University of Oklahoma
> 26255   | 192.234.16.10    | US | ftp://ctieng8995:********@student.oakton.edu | OAKTONCOMMUNITYCOLLEGE - Oakton Community College
> 26335   | 161.45.251.150   | US | ftp://bizlablabguest:********@raptor.bizlab.mtsu.edu | MTSU - Middle Tennessee State University
> 36375   | 141.211.3.28     | US | ftp://.avwin7.languest.itd.umich:********@heimlich.lngs.itd.umich.edu | UMICH-AS-5 - University of Michigan


Thank you.

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAko2RrEACgkQwqygxIz+pTs3zACgg78TDy2fX1VgASpHQyQmVCRC
tDkAnA1+TalP43P55nMN5ReGpUOKNP3o
=I64B
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list