[nsp-sec] Old data still available on rentaplayer.com
Carol Overes
Carol.Overes at du.ae
Wed Feb 16 04:49:26 EST 2011
All,
During an investigation I bumped into some old data which seems to be from
more than one year back. The data is located on:
hxxp:// www. rentaplayer. com /
IP details:
AS   | IP             | BGP Prefix       | CC | Registry | Allocated  | AS Name
4323 | 216.120.237.31 | 216.120.224.0/19 | US | arin     | 2002-08-08 | TWTC - tw telecom holdings, inc.
According to the following write-up, the data should have been there
since November 2009:
http://www.nartv.org/2009/11/06/russian-malware-bundle/
The number of harvested emails as mentioned in the write-up is 4,288,450
email addresses. This number is still the same, which indicates that the
data is not updated anymore. There are also some tools and templates
located there.
Harvested email addresses are located at:
hxxp:// www. rentaplayer. com / aaa-listas /
I don't know if this server is on the watch list of LEO, or if the ASN
is present on this list. But it would be appropriate if this data were
removed from the server.
Kind regards,
Carol Overes
Incident Handling and Threat Analyst
Technology
Emirates Integrated Telecommunications Company, PJSC
P.O. Box 502666, Dubai, U.A.E.
Mobile +971558486469
http://www.du.ae/