[nsp-sec] Stolen FTP credentials
Gabriel Iovino
giovino at ren-isac.net
Tue Aug 16 14:29:15 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/16/2011 8:49 AM, Thomas Hungenberg wrote:
> Hi,
>
> please find below a list of stolen FTP login credentials found on a compromised server.
> I don't have information on how and when the credentials were stolen but there are
> indications they have been harvested on ZeuS infected PCs.
>
> Format: ASN | IP | CC | hostname | username | sanitized password | AS name
ACK:
> 3452 | 138.26.84.26 | US | ftp.eng.uab.edu | semlab | CS****** | UAB-AS - University of Alabama at Birmingham
> 7973 | 129.176.209.4 | US | ftp.mayo.edu | library | bo****** | MAYO - Mayo Foundation for Medical Education and Research
> 27234 | 143.48.220.121 | US | ftp2.cshl.edu | weissftp | pu****** | VEROXITY-CUST - Veroxity Technology Partners, Inc.
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAk5KtvkACgkQwqygxIz+pTv87gCeJUbRhAxruwVZ63aSub1J17oR
fVAAnR1o3abgpvin/BftdeoeyWT17yp6
=3x5x
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list