Comments on: Service Sells Access to Fortune 500 Firms

By: derp

derp — Fri, 09 Nov 2012 07:52:05 +0000

they are selling RDP, which they are using for geo proximity to wherever they are credit or bank frauding from, they are most likely not interested in what’s on the system only to use it’s browser fingerprint to steal from somewhere else undetected

By: Locksmith Melbourne

Locksmith Melbourne — Wed, 07 Nov 2012 04:41:04 +0000

Really mental that there are so many computers for hire although Tadas P’s comment is interesting reading. We’re doing more and more security audits and risk assessments for smaller companies and this caught my eye while reading another article, I’m pretty shocked.

By: BrianKrebs

BrianKrebs — Sun, 04 Nov 2012 14:20:08 +0000

Hi Tadas. Thanks for reading and for your comment. I’m assuming you’re giving us a hunch as opposed to stating this as fact, unless you know something I don’t about this service (which appears to have vanished for the time being).

As to the iframeservice, I wrote about it a few months back .

http://krebsonsecurity.com/2012/05/service-automates-boobytrapping-of-hacked-sites/

By: Tadas P.

Tadas P. — Sun, 04 Nov 2012 12:54:30 +0000

Brain, Your blog post were always entertaining, fun to real, and educational!

Most of the “fortune 500″ servers that were sold at that shop are simply testing servers, honeypots, or servers that people simply have no use of and just play with it – also, they probably have been sold/scanned/obtained by dozen other people.

All servers that are being sold at that store are obtained by scanning IP ranges, and trying default passwords for specific ip that runs windows, and remote desktop. Such as admin/admin, admin/password, sysadmin/secret…cisco/cisco.. etc.

“Fortune 500″ Systems are being hacked everyday, but not necessary it means, that it can do any damage, to the corporation, or infrasture itself.

Most of the systems sold there are already compromised multiple times, and multiple people have access to it, runs various malicious software, torrents, scams on it.

As article mentioned “I ran a check on the Cisco box and found that it had already been blacklisted by 10 out of 15 popular services that track malicious activity online, such as spam and malware hosting.” — This just simply means, that box is compromised by multiple people, some are using server for bad things, other guys are selling it.

Brain, Here is something that should be interesting – https://srvc.iframeservice.net:666/

By: C Doom

C Doom — Fri, 02 Nov 2012 14:51:33 +0000

1) the compromised server was in a lab, which means it might not have been under IT policy. Engineers might have fought for the right to be excluded from firewalling policies reserved for corporate LANS. The ever popular “they’re engineers and they need access without policies to do their jobs” thing.

2) Engineers / Telco noc flunkies at my former employer were fairly infamous for stupid moves such as these. One engineer got his lab linux server rooted in 26 tries by the remote russian malware bot. His excuse: “I thought the lab was firewalled!” No. It. Wasnt. engineers argued for it to be open. Then he got Pwned. So we called him my lil pwny from that point on.

3) Cisco/Cisco is used in lots of default contexts. Entirely believable on that front.

Its always possible its a honeynet. But in a testing lab, I’d easily believe security unconscious employees or security hubris on the part of technical employees is also in play.

By: 67GTV

67GTV — Fri, 26 Oct 2012 15:31:00 +0000

Hmmm… Something about petting other people’s cat??

By: AJ

AJ — Fri, 26 Oct 2012 13:26:35 +0000

Andrey, that is an option that might come in handy. But as I understand, you should also be able to search using the name of your company. If you really want to use numbers you can check the block of IP that is assigned to your company.

By: Drutar

Drutar — Fri, 26 Oct 2012 01:47:24 +0000

Check out seculert

By: FRAUD

FRAUD — Fri, 26 Oct 2012 01:34:10 +0000

Да сам он черт ебливый маниторит вериф, давно пора найти и пизды дать

By: Austin

Austin — Thu, 25 Oct 2012 14:53:22 +0000

Hey, if you are on microsoft, use Microsoft Security Baseline Analyzer and it will list out all the admin accounts on your system.

If you want to pay, use LanGuard from GFI or Nessus if you want to get really deep