[nsp-sec] Compromised ftp accounts - ACK AU ASNs
Zane Jarvis
zane at auscert.org.au
Mon Jun 15 22:36:37 EDT 2009
Thanks Thomas.
Below are the AU ASNs we sanitised and forwarded on.
We also found at least 90% of them had some drive-by malware inserted on
their website. The first one has open root directory and malware and CP SEO
and/or references.
hxxp;//www,roam,id,au =>
http://wepawet.iseclab.org/view.php?hash=806b63e9682f299a2df656e17f4ee52b&t=
1245118181&type=js
hxxp;//www,icaimathura,com =>
http://wepawet.iseclab.org/view.php?hash=b5c9f0cb7c1e3424e250c7c7b1013c5a&t=
1245118606&type=js
Cheers
Zane.
AU ASNs
=======
10113
10223
17409
17477
17497
17756
17766
18117
23646
23857
24093
24238
24446
24541
24557
25973
2764
36670
38220
38877
45201
45454
4739
4764
4802
4804
4851
4854
703
7496
7543
7545
7578
7703
9280
9313
9328
9443
9466
9556
9716
9822
More information about the nsp-security
mailing list