[nsp-sec] ACK RE: Stolen FTP credentials
Matthew.Swaar at us-cert.gov
Tue Feb 15 14:39:00 EST 2011
Heyo, Dirk!
ACK for:
11956 | 161.55.65.12 | US | ftp.orr.noaa.gov ftpuser Jaf***** | NOAA-NWN - NOAA / PMEL
20137 | 152.75.128.4 | US | upload.voa.gov voaftp Pnt***** | USIBB - U.S. International Broadcasting Bureau
Proxy-ACK for:
7132 | 63.202.43.20 | US | www.fire.ca.gov versionthree $kr***** | SBIS-AS - AT&T Internet Services
11109 | 216.226.177.235 | US | swcc-district.alabama.gov Lamar Lam***** | STATE-OF-ALABAMA-ISD - State of Alabama, Information Services Division
Thanks for the heads-up.
Very Respectfully,
US-CERT Ops Center
888-282-0870
POC: Matt Swaar - Analyst
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Tuesday, February 15, 2011 8:35 AM
To: Nsp-Security
Subject: [nsp-sec] Stolen FTP credentials
----------- nsp-security Confidential --------
Hi Teams,
please find attached a list of stolen FTP-credentials, which have
been used to inject IFrames (pointing to visions7[.]net or axstat[.]com)
into legitimate web sites.
The format of the list is:
<ASN> | <IP> | <CC> | <domain name> <user> <pass> | <AS desc>
kind regards, Dirk Stander (1&1 Internet AG) :.
<<...snip...>>
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
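
Added example, not part of the original e-mails or of the attached list: a Python parser for the record format quoted above that rejoins lines wrapped by a mail client and groups entries by ASN so each can be routed to the responsible team. The sample records use constructed documentation values, and treating the first token of the middle field as the host and the last as the password is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the list format; ASNs, IPs and host names are
# reserved documentation values, not entries from the original list.
SAMPLE = """\
64500 | 192.0.2.10 | US | ftp.example.org ftpuser Abc***** | EXAMPLE-NET
- Example Network Services
64500 | 192.0.2.11 | US | www.example.org web admin Xyz***** |
EXAMPLE-NET - Example Network Services
64501 | 198.51.100.7 | DE | upload.example.net uploader Qrs***** | EXAMPLE-TWO - Second Example AS
"""

RECORD_START = re.compile(r"^\d+\s*\|")  # a new record begins with "<ASN> |"

def unwrap(text):
    """Rejoin records that were wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            records.append(line)
        elif line and records:  # continuation of the previous record
            records[-1] += " " + line
    return records

def parse_record(record):
    """Split one record into fields; only a masked password hint is kept."""
    parts = [p.strip() for p in record.split("|", 4)]
    if len(parts) != 5:
        raise ValueError(f"expected 5 pipe-separated fields: {record!r}")
    asn, ip, cc, cred, as_desc = parts
    # Assumption: host is the first token, password the last, and any
    # tokens in between belong to the user name.
    tokens = cred.split()
    if len(tokens) < 3:
        raise ValueError(f"expected '<domain> <user> <pass>': {cred!r}")
    return {"asn": int(asn), "ip": ip, "cc": cc, "domain": tokens[0],
            "user": " ".join(tokens[1:-1]),
            "pass_hint": tokens[-1][:3] + "*****", "as_desc": as_desc}

def group_by_asn(text):
    """Return {asn: [record, ...]} for per-network notification."""
    grouped = defaultdict(list)
    for record in unwrap(text):
        row = parse_record(record)
        grouped[row["asn"]].append(row)
    return dict(grouped)
```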