[nsp-sec] Stolen FTP credentials - ACK: 2119

Helge Aksdal helge.aksdal at telenor.com
Tue Aug 16 10:16:42 EDT 2011 

Hi,

* Thomas Hungenberg (2011-08-16 14:49):

> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> please find below a list of stolen FTP login credentials found on a compromised server.
> I don't have information on how and when the credentials were stolen but there are
> indications they have been harvested on ZeuS infected PCs.
> 
> Format: ASN | IP | CC | hostname | username | sanitized password | AS name
> 
>      - Thomas
> 
>   2119 | 148.122.161.133 | NO | ftp.home.online.no        | vestad           | ay****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 193.212.132.105 | NO | ftp.dnv.com               | biorisk          | 34****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 193.212.132.105 | NO | ftp.dnv.com               | TorBjarne        | Ve****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp01.bredband.net        | eliasgerges      | 89****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | alkbar           | bi****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | b501123          | QE****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | eliasgerges      | 89****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | geodit           | 89****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | indian_trail     | fu****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | susie            | es****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 195.54.106.116  | SE | ftp.bredband.net          | wampire          | ok****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 213.163.128.160 | SE | ftp.algonet.se            | royson           | eh****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 213.163.128.161 | SE | ftp.algonet.se            | royson           | eh****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 82.182.132.128  | SE | ftp.moma.nu               | kvm              | ve****** | TELENOR-NEXTEL Telenor Norge AS
>   2119 | 89.221.106.22   | NO | ftp.enkeledi.no           | tronder          | 04****** | TELENOR-NEXTEL Telenor Norge AS
>   8434 | 194.68.195.60   | SE | ftp.elanders.se           | saab_pas         | sk****** | TELENOR-SE Telenor Sweden
>   8434 | 62.119.132.5    | SE | ftp.six.se                | carnegie         | av****** | TELENOR-SE Telenor Sweden
>   8434 | 62.119.28.117   | SE | ftp.spegeln.se            | spegeln-ftp      | 9W****** | TELENOR-SE Telenor Sweden

ACK, and thanks! :)

-- 
Helge Aksdal 
Telenor

More information about the nsp-security mailing list