[nsp-sec] Stolen FTP credentials - ACK 109
Chip Ho
chipho at cisco.com
Tue Aug 16 10:39:06 EDT 2011
On 8/16/11 2:49 AM, Thomas Hungenberg wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> please find below a list of stolen FTP login credentials found on a
> compromised server.
> I don't have information on how and when the credentials were stolen but
> there are
> indications they have been harvested on ZeuS infected PCs.
>
> Format: ASN | IP | CC | hostname | username | sanitized password | AS name
>
>
> - Thomas
>
> CERT-Bund Incident Response & Anti-Malware Team
>
>
> 109 | 192.133.243.133 | US | ftp.sciatl.com |
> svtcharter | c&****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp.cisco.com |
> dafanasiev | wR****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp.cisco.com |
> kortek | k0****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp.cisco.com |
> ykuzin | to****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp.cisco.com |
> zl at autocont.cz | mo****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp-sj.cisco.com |
> littlevik | ij****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp-sj.cisco.com |
> mkaminsky | St****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp-sj.cisco.com |
> nikulinspe | 30****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
> 109 | 72.163.7.54 | US | ftp-sj.cisco.com |
> zl at autocont.cz | mo****** | CISCO-EU-109 Cisco Systems Global ASN -
> ARIN Assigned
More information about the nsp-security
mailing list