[nsp-sec] ACK AS1221 Stolen FTP credentials

[Saunders, D'Wayne S]

ACK AS1221

Thank You
D'Wayne Saunders
Telstra Networks and Services,

-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Thomas Hungenberg
Sent: Thursday, 28 April 2011 7:23 PM
To: nsp-sec
Subject: [nsp-sec] Stolen FTP credentials

----------- nsp-security Confidential --------

Hi,

please find below a list of stolen FTP login credentials found in a FTP
grabber dropzone.
According to timestamps, the credentials were harvested on infected client
PCs
from 2011-04-20 until 2011-04-25.

Format: ASN | IP | CC | hostname | username | sanitized password | AS desc |
Abuse contact


     - Thomas

CERT-Bund Incident Response & Anti-Malware Team


1221  | 203.39.136.5    | AU | ftp.ddb.com.au            | bullseye
| bu****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
1221  | 203.39.136.5    | AU | ftp.ddb.com.au            | external
| bu****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
1221  | 203.39.136.5    | AU | ftp.ddb.com.au            | external/bullseye
| bu****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
1221  | 203.39.59.227   | AU | 203.39.59.227             | cstjp001
| 0V****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
1221  | 203.39.59.227   | AU | 203.39.59.227             | prgftp
| Sy****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
1221  | 203.39.59.227   | AU | 203.39.59.227             | prgtw
| Cf****** | ASN-TELSTRA Telstra Pty Ltd | abuse at telstra.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 9110 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20110429/ff8706f2/attachment-0001.bin>