[nsp-sec] ACK: Some more compromised ftp accounts

Rodolfo Baader rbaader at arcert.gov.ar
Fri Sep 11 11:36:39 EDT 2009


Hi!

ACK for AR ASNs: 7303, 11664, 27823

Notifications were sent to the abuse/noc departments.

R.

Thomas Hungenberg wrote:
> ----------- nsp-security Confidential --------
> 
> Hi teams,
> 
> Roman from abuse.ch came across another list of stolen ftp credentials
> on a server hosting a Zeus controller.
> 
> Please find attached a sanitized list (pw removed) of 391 ftp accounts
> that were not included in the lists I recently posted here.
> 
> Format: ASN | IP | CC | ftp username | AS name
> 
> Top 10 country codes:
> 
>     139  US
>      29  RU
>      29  DE
>      25  FR
>      22  TR
>      20  NL
>      17  PL
>      13  HU
>      12  KR
>      11  TH
>      10  GB
> 
> 
>      - Thomas
> 
> CERT-Bund Incident Response & Anti-Malware Team
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________


