It was probably from Mike Higgins over at Para-Protect. The information is valid. I would suggest you contact the ISP holding the account information to help determine the level of severity. Regards, Ken > -----Original Message----- > From: Joe-Clifton [mailto:JCliftonat_private] > Sent: Friday, January 04, 2002 9:58 AM > To: 'incidentsat_private' > Cc: 'focus-virusat_private' > Subject: Monkeybrains.net and badtrans compromise information > > > > I recently received an e-mail (indirectly I should add) from a security > company (Para Protect) saying that our domainname has come up in searches > they were doing for their customers on monkeybrains.net, and wanted to > inform us of this information. I have provided a snippit of the e-mail > below. I went to the monkeybrains site and see that he is > charging for this > information (extortion??? **joking**.) > I would like to know if anyone else has had any dealings or knows of the > validity of the information contained therein. > > Snippit starts here..... > > Para-Protect is doing investigations into compromised accounts associated > with the badtrans worm for our clients and uncovered a number of > references > to "officedepot" account names that may have compromised. > > Another snippit starts here > > > We suggest you contact the ISP where the compromised information > resides to > determine the scope. The ISP providing the information is > monkeybrains.net. > Though actual username and passwords are not specifically displayed at the > website, all indications are that the website does in fact hold valid > username and passwords for the identified servers above. > > To identify the exact accounts compromised for your domain, > Monkeybrains.net asks that domain level requests be sent to > badtransat_private; results will be emailed to > abuseat_private > and no other address. > > To check for other domains of yours, go to badtrans.monkeybrains.net and > search for "PASSWORDS." Though actual passwords will not be revealed, the > compromise of accounts and passwords for a specific domain will be. > > Thanks for any comments/suggestions > > > > Joe H Clifton > Security Team Lead > Office Depot > 2200 Old Germantown Rd > Delray Beach, FL 33445 > (561)-438-7906 > two-way Pager: 877-542-0129 > > ------------------------------------------------------------------ > ---------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 04 2002 - 09:39:59 PST