All the latest UK technology news, reviews and analysis
|
|
|
28 Feb 2008
Security firm Finjan has uncovered a database containing more than 8,700 harvested FTP account credentials, including usernames, passwords and server addresses.
The stolen details are already in the hands of hackers who will be able to compromise servers and automatically push malware to users visiting the affected sites.
Many of the stolen accounts belong to Fortune-level companies in a wide range of industries, including manufacturing, telecoms, media, online retail, IT, as well as government agencies.
Finjan said that the stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com.
Finjan's Malicious Code Research Center has discovered a new application especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world.
A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server.
This information enables cyber-criminals to work out costs for the compromised FTP credentials for resale to other criminals or to adjust the attack on more prominent sites.
The trading application also allows the cyber-criminal to manage FTP credential information to automatically inject iFrame tags to web pages on the compromised server.
"Software-as-a-service has been evolving for sometime, but has been applied only to legitimate applications until now," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"With this new trading application, criminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting legitimate websites and unsuspecting visitors. All of this can be achieved with just one push of a button."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
eCommerce Business Analyst - (North London) Permanent...
UI Developer (North London) Permanent £55,000 - £60...
MS Office 2010 Trainer - Cambridge My Cambridge based...
Dynamics CRM consultants (experience of javascript and...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
The Bigger They Are, The Less You'll Tell Us
When a mom and pop store website gets compromised and is pushing out malware, you'll tell us that the site is www.maandpa.com. When the company is a Fortune 500 everyone gets silent and only describes them by an unusable descriptor such as "a leading Wall Street investment firm" rather than their domain name.
Posted by: Stuart G. Friedman 11 Jun 2008