Security firm
Finjan has
uncovered a database containing more than 8,700 harvested FTP account
credentials, including usernames, passwords and server addresses.
The stolen details are already in the hands of hackers who will be able to
compromise servers and automatically push malware to users visiting the affected
sites.
Many of the stolen accounts belong to Fortune-level companies in a wide range
of industries, including manufacturing, telecoms, media, online retail, IT, as
well as government agencies.
Finjan said that the stolen FTP accounts include some of the world's top 100
domains as ranked by Alexa.com.
Finjan's
Malicious Code Research Center has discovered a new application especially
designed to abuse and trade stolen FTP account credentials of legitimate
companies around the world.
A trading interface is used to qualify the stolen accounts in terms of
country of residence of the FTP server and Google page ranking of the
compromised server.
Criminals now have an instant solution to the problem of gaining access to FTP credentials
Yuval Ben-Itzhak Chief technology officer, Finjan
This information enables cyber-criminals to work out costs for the
compromised FTP credentials for resale to other criminals or to adjust the
attack on more prominent sites.
The trading application also allows the cyber-criminal to manage FTP
credential information to automatically inject iFrame tags to web pages on the
compromised server.
"Software-as-a-service has been evolving for sometime, but has been applied
only to legitimate applications until now," said Yuval Ben-Itzhak, chief
technology officer at Finjan.
"With this new trading application, criminals have an instant 'solution' to
their 'problem' of gaining access to FTP credentials and thus infecting
legitimate websites and unsuspecting visitors. All of this can be achieved with
just one push of a button."
Do you agree?
Have your say on this article