Security Incidents mailing list archives
RE: Monkeybrains.net and badtrans compromise information
From: "Ken Pfeil" <Ken () infosec101 org>
Date: Fri, 4 Jan 2002 12:12:52 -0500
It was probably from Mike Higgins over at Para-Protect. The information is valid. I would suggest you contact the ISP holding the account information to help determine the level of severity. Regards, Ken
-----Original Message----- From: Joe-Clifton [mailto:JClifton () OfficeDepot com] Sent: Friday, January 04, 2002 9:58 AM To: 'incidents () securityfocus com' Cc: 'focus-virus () securityfocus com' Subject: Monkeybrains.net and badtrans compromise information I recently received an e-mail (indirectly I should add) from a security company (Para Protect) saying that our domainname has come up in searches they were doing for their customers on monkeybrains.net, and wanted to inform us of this information. I have provided a snippit of the e-mail below. I went to the monkeybrains site and see that he is charging for this information (extortion??? **joking**.) I would like to know if anyone else has had any dealings or knows of the validity of the information contained therein. Snippit starts here..... Para-Protect is doing investigations into compromised accounts associated with the badtrans worm for our clients and uncovered a number of references to "officedepot" account names that may have compromised. Another snippit starts here We suggest you contact the ISP where the compromised information resides to determine the scope. The ISP providing the information is monkeybrains.net. Though actual username and passwords are not specifically displayed at the website, all indications are that the website does in fact hold valid username and passwords for the identified servers above. To identify the exact accounts compromised for your domain, Monkeybrains.net asks that domain level requests be sent to badtrans () monkeybrains net; results will be emailed to abuse@YOUR_DOMAIN.com and no other address. To check for other domains of yours, go to badtrans.monkeybrains.net and search for "PASSWORDS." Though actual passwords will not be revealed, the compromise of accounts and passwords for a specific domain will be. Thanks for any comments/suggestions Joe H Clifton Security Team Lead Office Depot 2200 Old Germantown Rd Delray Beach, FL 33445 (561)-438-7906 two-way Pager: 877-542-0129 ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Monkeybrains.net and badtrans compromise information Joe-Clifton (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- <Possible follow-ups>
- RE: Monkeybrains.net and badtrans compromise information Williams Jon (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information van Wyk, Ken (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Michael Graham (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Ken Pfeil (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Slighter, Tim (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Nick FitzGerald (Jan 04)
- RE: Monkeybrains.net and badtrans compromise information Brian McWilliams (Jan 04)