Security Incidents mailing list archives

Monkeybrains.net and badtrans compromise information


From: Joe-Clifton <JClifton () OfficeDepot com>
Date: Fri, 4 Jan 2002 09:57:42 -0500


I recently received an e-mail (indirectly, I should add) from a security
company (Para Protect) saying that our domain name has come up in searches
they were doing for their customers on monkeybrains.net, and wanted to
inform us of this information.  I have provided a snippet of the e-mail
below.  I went to the monkeybrains site and see that he is charging for this
information (extortion???  **joking**.)
I would like to know if anyone else has had any dealings or knows of the
validity of the information contained therein.  

Snippet starts here.....

Para-Protect is doing investigations into compromised accounts associated
with the badtrans worm for our clients and uncovered  a number of references
to "officedepot" account names that may have been compromised.

Another snippet starts here


We suggest you contact the ISP where the compromised information resides to
determine the scope. The ISP providing the information is monkeybrains.net.
Though actual username and passwords are not specifically displayed at the
website, all indications are that the website does in fact hold valid
username and passwords for the identified servers above. 

        To identify the exact accounts compromised for your domain,
Monkeybrains.net asks that domain level requests be sent to
badtrans () monkeybrains net; results will be emailed to abuse@YOUR_DOMAIN.com
and no other address.

To check for other domains of yours, go to badtrans.monkeybrains.net and
search for "PASSWORDS."  Though actual passwords will not be revealed, the
compromise of accounts and passwords for a specific domain will be.

Thanks for any comments/suggestions



Joe H Clifton
Security Team Lead
Office Depot 
2200 Old Germantown Rd
Delray Beach, FL 33445
(561)-438-7906
two-way Pager: 877-542-0129

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
