logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 313 days ago
Via: http://lists.jammed.com | Tags: isn logins ftp servers sale comments Discuss  


http://www.techworld.com/security/news/index.cfm?newsID=11561



By John E. Dunn

Techworld

27 February 2008



Criminals have assembled a huge database of hacked FTP server logins

belonging to some of the worlds leading companies, a security company

has revealed.



Finjan said it had stumbled upon a database containing account

usernames, passwords and server addresses for a staggering 8,700 FTP

servers, many of which were being used by US Fortune 100-level

enterprises.



The hacked servers could be used to distribute crimeware by injecting

iframe tags into any webpage stored on the compromised FTP servers.

Indeed the server accounts were themselves being traded by a web

application able to rank and price them according to their Google page

rank for re-sale to other criminals.



The company found the database while examining what appears to be a

sophisticated Russian crimeware hub built using a newer version of the

Neosploit crimeware toolkit, sophisticated enough to offers its criminal

users a SaaS (software as a service) interface for carrying out attacks.



The company didnt name the domains involved for obvious reasons, but the

range of sectors and countries reads like a whos who of big business.

FTP details for telecoms, media, online retail, and government agencies

were all present, across every leading economy and beyond.



Using the Alexa.com domain ranking, Finjan found 10 of the top 100

domains in the database, 100 of the top 500 domains, and 50 of those

between 500 and 1,000.



Breaking these down by location, 2,621 were in the US, 1,247 in Russia,

392 in Australia, 354 in Asia/Pacific. The rest were covered Eastern

Europe, with only a handful in western European countries such as

Germany and the UK, which accounted for 80 and 78, respectively.



"With this new trading application, cyber-criminals have an instant

'solution' to their problem of gaining access to FTP credentials and

thus infecting both the legitimate websites and unsuspecting visitors,

said Finjans Yuval-Ben Itzhak.





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn





addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security