[nsp-sec] ATTN Qwest/Akamai....Re: More compromised ftp accounts
Jose Nazario
jose at arbor.net
Fri Sep 4 17:18:09 EDT 2009
On Fri, 4 Sep 2009, Brian Eckman wrote:
> Hopefully this isn't a real security issue, but being a Symantec site
> license owner for a 50,000 or so node network, it worries me a smidge
> that organized criminals spreading malware are using (presumably) stolen
> credentials for hosts that places like ftp.symantec.com and
> liveupdate.symantec.com appear to reside on.
IIRC i investigated this some years ago. SYMC products download AV
updates over FTP with a read-only username and password combination. i'm
ASSUMING that the ones you saw were from there.
if so it's a non-issue AFAIR.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list