[nsp-sec] Stolen FTP credentials

Tue Feb 15 10:56:57 EST 2011

Hi Dirk,

ACK for 13041, 21193 (direct constituency) and being proxyfied to rest of ES ISP's through trusted peers:

> 766 | REDIRIS RedIRIS Autonomous System
> 3352 | TELEFONICA-DATA-ESPANA Internet Access Network of TDE
> 4589 | EASYNET Easynet Global Services
> 5400 | BT BT European Backbone
> 6739 | ONO-AS Cableuropa - ONO
> 6750 | SDR Soluciones Dinamicas de la Red, S.L.
> 6813 | FLEXNET Autonomous System
> 8239 | Landsraad Autonomous System
> 8311 | REDESTEL Redestel Networks S.L.
> 8426 | CLARANET-AS ClaraNET
> 8903 | AS8903 BT ESPAÃ‘A, COMPAÃ‘IA DE SERVICIOS GLOBALES DE TELECOMUNICACIONES, S.A.
> 12357 | COMUNITEL VODAFONE ESPANA, S.A.U.
> 12386 | ASALPI Orange Catalunya Xarxes de Telecomunicacions S.A.
> 12430 | VODAFONE_ES VODAFONE ES AS
> 12479 | UNI2-AS France Telecom Espana SA
> 12521 | NOVA_INTERNET_AS12521 Nova Internet Network
> 12541 | BTESPANA BT Espana Integracion General de Sistemas, S.L.U.
> 12715 | JAZZNET Jazz Telecom S.A.
> 12769 | IBER-X LET_S GOWEX, S.A.
> 12860 | AXARNET-NETWORK Red_Axarnet_Madrid
> 13287 | NIXVAL NIXVAL Data Center
> 15699 | AS_ADAM Network ADAM DATACENTER - www.adamdatacenter.es
> 15732 | IBERBANDA-SPAIN Iberbanda AS for Spanish operations
> 15734 | IDH Telvent Housing, S.A.
> 15915 | IBERCOM WORLD WIDE WEB IBERCOM
> 15919 | INTERHOST Interhost AS
> 16030 | ALTECOM Altecom AS (Alta Tecnologia en Comunicaciones, S.L.)
> 16168 | GENETSIS Genetsis Internet Partners AS
> 16206 | ABRARED NEO-SKY 2002 Autonomous System 1
> 16338 | ONO-AS2 Cableuropa - ONO
> 16371 | ACENS_AS acens technologies
> 20648 | RAN-NETWORKS RAN Networks S.L.
> 20718 | AS_ARSYS-EURO-1 arsys.es
> 20838 | YIF-AS Ya.com Internet Factory
> 24592 | NEXICA-AS Nexica is a telecommunications oriented company located in Barcelona (Spain)
> 29119 | SERVIHOSTING-AS ServiHosting Networks S.L.
> 31418 | SOGECABLE-ES-AS SOGECABLE Autonomous System
> 31577 | PRORED ProRed Comunicaciones Autonomous System
> 31653 | FILNET-AS Filnet Serveis i Comunicacions, SL
> 34977 | PROCONO-AS PROCONO S.A.
> 35368 | DATAHOUSE ============================================
> 35581 | SEASUNTEL Seasuntel, S.L.
> 39020 | COMVIVE-AS Comvive Servidores S.L.
> 39155 | CABLESUR Cablesur Comunicaciones S.A.
> 41287 | IPEOPLE Internet People SL
> 41541 | SWEB-AS Serveisweb
> 42083 | NOGRAVITY-AS NoGravity S.L.
> 42237 | INTERDOMINIOS Grupo Interdominios S.A.
> 42612 | DINAHOSTING-AS ASN de Dinahosting SL
> 43578 | EANET Internet Networks Eanet, S.L. Barcelona Spain
> 44428 | ES-ALNUS-BACKBONE Alnus Internet SL
> 44497 | REDCORUNA-AS REDCORUNA
> 44652 | SYNC-AS SYNC Intertainment
> 45037 | HISPAWEB-NETWORK Propelin Consulting S.L.U.
> 49635 | SILICON SILICONTOWER, S.L.
> 50926 | INFORTELECOM-AS Infortelecom Hosting, S.L.
> 196713 | ABANSYS_AND_HOSTYTEC-AS Abansys & Hostytec, S.L.
> 196834 | SOFTEC_INTERNET Softec Internet, S.L.

Regards,

-- Carlos

On Feb 15, 2011, at 2:35 PM, Dirk Stander wrote:

> ----------- nsp-security Confidential --------
> 
> Hi Teams,
> 
> please find attached a list of stolen FTP-credentials, which have
> been used to inject IFrames (pointing to visions7[.]net or axstat[.]com)
> into legitimate web sites.
> 
> The format of the list is:
> <ASN> | <IP> | <CC> | <domain name> <user> <pass> | <AS desc>
> 
>    kind regards, Dirk Stander (1&1 Internet AG) :.