[nsp-sec] ACK 174 RE: Stolen FTP credentials
Shelton, Steve
sshelton at Cogentco.com
Tue Aug 16 08:59:49 EDT 2011
Thanks! ACK for 174.
Steve Shelton
Sec Engineer
Cogent Communications
sshelton at cogentco.com
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Thomas Hungenberg
Sent: Tuesday, August 16, 2011 8:49 AM
To: nsp-sec
Subject: [nsp-sec] Stolen FTP credentials
----------- nsp-security Confidential --------
Hi,
please find below a list of stolen FTP login credentials found on a compromised server.
I don't have information on how and when the credentials were stolen but there are
indications they have been harvested on ZeuS infected PCs.
Format: ASN | IP | CC | hostname | username | sanitized password | AS name
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________