[nsp-sec] Stolen FTP credentials

Thu Apr 28 16:01:18 EDT 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/28/2011 5:23 AM, Thomas Hungenberg wrote:
> Hi,
> 
> please find below a list of stolen FTP login credentials found in a FTP grabber dropzone.
> According to timestamps, the credentials were harvested on infected client PCs
> from 2011-04-20 until 2011-04-25.

ACK:

> 47|skywalker.usc.edu
> 237|people.emich.edu
> 237|emunix.emich.edu
> 237|emunix.emich.edu
> 237|emunix.emich.edu
> 237|emunix.emich.edu
> 237|emunix.emich.edu
> 7939|132.170.138.43
> 7939|FTP.WUCF.org
> 10546|ra.msstate.edu
> 11745|unhinfo.unh.edu
> 18794|msetdata.rst2.edu
> 18794|msetdata.rst2.edu

Thank you!

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk25x40ACgkQwqygxIz+pTtTfgCgiDj1wnjhizM7CUBtEH9nLGPV
RzIAoM8IF00PRhVt6B9St11V3BktnRfr
=wwcv
-----END PGP SIGNATURE-----