Monkeybrains.net and badtrans compromise information

From: Joe-Clifton (JCliftonat_private)
Date: Fri Jan 04 2002 - 06:57:42 PST

Next message: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"

Previous message: Jensenne Roculan: "Dead Thread - Microsoft's Early Xmas Present."
Next in thread: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Williams Jon: "RE: Monkeybrains.net and badtrans compromise information"
Reply: van Wyk, Ken: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Slighter, Tim: "RE: Monkeybrains.net and badtrans compromise information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I recently received an e-mail (indirectly I should add)  from a security
company (Para Protect) saying that our domainname has come up in searches
they were doing for their customers on monkeybrains.net, and wanted to
inform us of this information.  I have provided a snippit of the e-mail
below.  I went to the monkeybrains site and see that he is charging for this
information (extortion???  **joking**.)
I would like to know if anyone else has had any dealings or knows of the
validity of the information contained therein.  

Snippit starts here.....

Para-Protect is doing investigations into compromised accounts associated
with the badtrans worm for our clients and uncovered  a number of references
to "officedepot" account names that may have compromised.

Another snippit starts here


We suggest you contact the ISP where the compromised information resides to
determine the scope. The ISP providing the information is monkeybrains.net.
Though actual username and passwords are not specifically displayed at the
website, all indications are that the website does in fact hold valid
username and passwords for the identified servers above. 

	To identify the exact accounts compromised for your domain,
Monkeybrains.net asks that domain level requests be sent to
badtransat_private; results will be emailed to abuseat_private
and no other address.

To check for other domains of yours, go to badtrans.monkeybrains.net and
search for "PASSWORDS."  Though actual passwords will not be revealed, the
compromise of accounts and passwords for a specific domain will be.

Thanks for any comments/suggestions



Joe H Clifton
Security Team Lead
Office Depot 
2200 Old Germantown Rd
Delray Beach, FL 33445
(561)-438-7906
two-way Pager: 877-542-0129

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"
Previous message: Jensenne Roculan: "Dead Thread - Microsoft's Early Xmas Present."
Next in thread: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Ken Pfeil: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Williams Jon: "RE: Monkeybrains.net and badtrans compromise information"
Reply: van Wyk, Ken: "RE: Monkeybrains.net and badtrans compromise information"
Reply: Slighter, Tim: "RE: Monkeybrains.net and badtrans compromise information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 08:23:18 PST