RE: Monkeybrains.net and badtrans compromise information

From: Ken Pfeil (Kenat_private)
Date: Fri Jan 04 2002 - 09:12:52 PST


    It was probably from Mike Higgins over at Para-Protect. The information is
    valid. I would suggest you contact the ISP holding the account information
    to help determine the level of severity.
    
    Regards,
    Ken
    
    > -----Original Message-----
    > From: Joe-Clifton [mailto:JCliftonat_private]
    > Sent: Friday, January 04, 2002 9:58 AM
    > To: 'incidentsat_private'
    > Cc: 'focus-virusat_private'
    > Subject: Monkeybrains.net and badtrans compromise information
    >
    >
    >
    > I recently received an e-mail (indirectly, I should add) from a security
    > company (Para Protect) saying that our domain name has come up in searches
    > they were doing for their customers on monkeybrains.net, and wanted to
    > inform us of this information. I have provided a snippet of the e-mail
    > below. I went to the monkeybrains site and see that he is charging for this
    > information (extortion??? **joking**.)
    > I would like to know if anyone else has had any dealings or knows of the
    > validity of the information contained therein.
    >
    > Snippet starts here.....
    >
    > Para-Protect is doing investigations into compromised accounts associated
    > with the badtrans worm for our clients and uncovered a number of references
    > to "officedepot" account names that may have been compromised.
    >
    > Another snippet starts here
    >
    >
    > We suggest you contact the ISP where the compromised information resides to
    > determine the scope. The ISP providing the information is monkeybrains.net.
    > Though actual usernames and passwords are not specifically displayed at the
    > website, all indications are that the website does in fact hold valid
    > usernames and passwords for the identified servers above.
    >
    > To identify the exact accounts compromised for your domain,
    > Monkeybrains.net asks that domain level requests be sent to
    > badtransat_private; results will be emailed to abuseat_private
    > and no other address.
    >
    > To check for other domains of yours, go to badtrans.monkeybrains.net and
    > search for "PASSWORDS."  Though actual passwords will not be revealed, the
    > compromise of accounts and passwords for a specific domain will be.
    >
    > Thanks for any comments/suggestions
    >
    >
    >
    > Joe H Clifton
    > Security Team Lead
    > Office Depot
    > 2200 Old Germantown Rd
    > Delray Beach, FL 33445
    > (561)-438-7906
    > two-way Pager: 877-542-0129
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    
    



    This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 09:39:59 PST