[nsp-sec] Compromised websites

[Beth Young]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To follow up:

One of the .edu sites in the list was able to confirm that weak FTP
passwords was the entry point to drop the .htaccess file.  They
found 5 copies of the file in 5 different accounts, all had weak FTP
passwords.

Regards,
Beth

On 7/10/2012 12:41 PM, Gabriel Iovino wrote:
> ----------- nsp-security Confidential --------
> 
> On 7/10/2012 10:27 AM, Thomas Hungenberg wrote:
>> Hi,
> 
>> please find below a list of websites that recently have been
>> found compromised by Symantec. The attackers uploaded a malicious
>> .htaccess to redirect users to sites spreading Trojan.Milicenso.
> 
> We'll look into the following:
> 
>> 132.216.177.32|macdonaldcampusathletics.mcgill.ca 
>> 192.77.116.69|www1.chapman.edu 147.174.1.28|www2.selu.edu 
>> 169.227.254.22|mpsfoundation.net (milwaukee.k12.wi.us) 
>> 169.227.254.22|www.mpsfoundation.net (milwaukee.k12.wi.us) 
>> 150.134.10.14|people.ysu.edu
> 
> Thanks!
> 
> Gabe
> 
> 
> 
> _______________________________________________ nsp-security
> mailing list nsp-security at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures. 
> _______________________________________________

- -- 
Beth Young, CISSP
soc at ren-isac.net
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEVAwUBT/8qznOn520JM2MZAQKZ8gf/XEX/w7BjlAd08ff3gRQ5QdD4iWyXzF2j
bUrWicySrjO9f4l9+aiDf2wnJCllvzKOahad2ZMJ2wmKdS4QTHFPkRP5Aee595zn
nHJLtco9CPbr6qZsibNDdGMGDdTqgf/qdmmQCGEdDLcmnQDOQiK9HJV8+aUstGTo
RW/F1G1vsHSUVDuE3BBzbGYDimY3DG8K7opjSW9pYmW8JiMcFoiXPdokVqkUPaza
AOYFyu4TRS3PIgCEUtDfYcwfnnCvb3KuKw8haC4QnhdPNgC21gsw6DlhRX2YvlfF
PHPuA9RiwZpG/o7TqD4hCq9GK5G2nYw2RLT/UnO+bfn4fLNhcnMy0w==
=bjhP
-----END PGP SIGNATURE-----