[nsp-sec] ACK: Re: Potentially compromised email credentials
Justin M. Streiner
streiner at cluebyfour.org
Mon Mar 1 12:01:11 EST 2010
ACK - sanitized report sent to AS15227.
jms
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
The REN-ISAC has obtained a list <see attached> of email addresses,
usernames, and passwords from a machine hosting several Phishing HTML forms.
[URLs]
hxxp://www.cuttingedgedjs.com/EmailForm/use/helpdesk/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/webmail/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/54433/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/56553/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/45333/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/43433/form1.html
hxxp://www.cuttingedgedjs.com/EmailForm/use/2341/form1.html
[Status] Offline
These forms were observed to be online as recently as 02/26/2010.
We have had one .edu confirm that a user responded to a phish and then
quickly changed his credentials. The .edu then saw failed webmail login
attempts from Nigeria.
If the email address is a valid email address and the password meets
your password policy, it might be a good idea to have the user reset
their password.
The ASN resolution is best effort as an MX is not always owned by the
same organization.
Please take whatever actions you deem appropriate and please let me know
if you have any questions or comments.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nsp_sec_final.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100301/16f6ff55/attachment-0001.txt>
-------------- next part --------------
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________