[nsp-sec] Stolen HTTP(s) login credentials
Gabriel Iovino
giovino at ren-isac.net
Thu Feb 17 10:51:49 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2/17/2011 8:37 AM, Thomas Hungenberg wrote:
> Hi teams,
>
> please find below a list of stolen HTTP(s) login credentials found in a malware dropzone.
> According to the dropzone timestamps, the credentials have been stolen between
> 2011-02-12 and 2011-02-15.
ACK
> 25 | 128.32.18.150 | http://setiathome.berkeley.edu | US | gusdias at gmail.com | c******* | UCB - University of California at Berkeley
> 25 | 128.32.18.150 | http://setiathome.berkeley.edu/ | US | gusdias at gmail.com | c******* | UCB - University of California at Berkeley
> 33503 | 141.106.12.44 | http://vpndownload.is.mcw.edu | US | czuk | W******* | MCW-1-AS - Medical College of Wisconsin
> 33503 | 141.106.92.39 | https://login.proxy.lib.mcw.edu | US | czuk | W******* | MCW-1-AS - Medical College of Wisconsin
We will generate some sanitized notifications.
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1dRBUACgkQwqygxIz+pTv20gCgrBaghR2cqz+NhJLNb5diPHKq
aQ0Anj96IUSRp3yIHgfEmhgiDrK4JglE
=Z0eo
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list