[nsp-sec] *new* 09/22/2009 - Potentially compromised email credentials
Gabriel Iovino
giovino at ren-isac.net
Tue Sep 22 15:53:41 EDT 2009
Greetings,
The REN-ISAC has obtained a list <see attached> of email addresses,
usernames, and passwords from a machine hosting a Phishing HTML form.
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/strongwaves/admin/data.dat
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/vasccuc/admin/data.dat
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/dontdewaves/admin/data.dat
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/checkonetow/admin/data.dat
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/airwavescon/admin/data.dat
> hxxp://www.airwaveselectronic.com/phpFormGenerator/use/airwaaves/admin/data.dat
[ip] 216.65.1.252
[as] 11388
[status] partially offline
I have reached out to airwaveselectronic.com; the data.dat files are
offline as of writing this email but the phpFormGenerator directory is
online. It is not clear if airwaves.. or the miscreants took the data
files offline.
The form was observed to be online as recently as 09/22/2009.
If the email address is a valid email address and the password meets
your password policy, it might be a good idea to have the user reset
their password.
The ASN resolution is best effort as an MX is not always owned by the
same organization.
Please take whatever actions you deem appropriate and please let me know
if you have any questions or comments.
Regards.
Gabe
--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nsp_sec_final.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20090922/6aa8b40f/attachment-0001.txt>