Monkeybrains.net and badtrans compromise information

From: Joe-Clifton (JCliftonat_private)
Date: Fri Jan 04 2002 - 06:57:42 PST

    I recently received an e-mail (indirectly, I should add) from a security
    company (Para Protect) saying that our domain name has come up in searches
    they were doing for their customers on monkeybrains.net, and wanted to
    inform us of this information. I have provided a snippet of the e-mail
    below. I went to the monkeybrains site and see that he is charging for this
    information (extortion??? **joking**.)
    I would like to know if anyone else has had any dealings or knows of the
    validity of the information contained therein.
    
    Snippet starts here.....
    
    Para-Protect is doing investigations into compromised accounts associated
    with the badtrans worm for our clients and uncovered a number of references
    to "officedepot" account names that may have been compromised.
    
    Another snippet starts here
    
    
    We suggest you contact the ISP where the compromised information resides to
    determine the scope. The ISP providing the information is monkeybrains.net.
    Though actual username and passwords are not specifically displayed at the
    website, all indications are that the website does in fact hold valid
    username and passwords for the identified servers above. 
    
    To identify the exact accounts compromised for your domain,
    Monkeybrains.net asks that domain level requests be sent to
    badtransat_private; results will be emailed to abuseat_private
    and no other address.
    
    To check for other domains of yours, go to badtrans.monkeybrains.net and
    search for "PASSWORDS."  Though actual passwords will not be revealed, the
    compromise of accounts and passwords for a specific domain will be.
    
    Thanks for any comments/suggestions
    
    
    
    Joe H Clifton
    Security Team Lead
    Office Depot 
    2200 Old Germantown Rd
    Delray Beach, FL 33445
    (561)-438-7906
    two-way Pager: 877-542-0129
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


