[nsp-sec] Stolen FTP credentials
Thomas Hungenberg
th.lab at hungenberg.net
Tue Feb 15 08:46:24 EST 2011
Dirk Stander schrieb:
> please find attached a list of stolen FTP-credentials, which have
> been used to inject IFrames (pointing to visions7[.]net or axstat[.]com)
> into legitimate web sites.
I've also seen these IFRAME targets injected (along with the above mentioned):
seastats.com
stxstats.com
zxstats.com
bali-planet.com
adsensestat.com
ntstats.com
All domains hosted on the same IP and registered through DOMAINCONTEXT.
- Thomas
CERT-Bund Incident Response & Anti-Malware Team
More information about the nsp-security
mailing list