Logins for 8,700 FTP servers found on sale

March 2, 2008

Finjan stated it had found upon a database containing account usernames, passwords and server addresses for an astounding 8,700 FTP servers, many of which were being used by US Fortune 100-level enterprises.

The hacked servers might be used to distribute crimeware by inserting iframe tags into any webpage stored on the hacked FTP servers. Without a doubt the server accounts were themselves being traded by a web application capable of ranking and pricing them according to their Google page rank for re-sale to other criminals.

The company came across the database while investigating what appears to be a complicated Russian crimeware hub constructed using a newer version of the Neosploit crimeware toolkit, sophisticated enough to present its illicit users a SaaS (software as a service) interface for carrying out attacks.

The company didn’t name the domains concerned for understandable reasons, but the variety of sectors and countries reads like a who’s who of big business. FTP particulars for telecoms, media, online retail, and government agencies were all there across every principal economy and beyond.

Utilising the Alexa.com domain ranking, Finjan found 10 of the top 100 domains in the database, 100 of the top 500 domains, and 50 of those between 500 and 1,000.

Previously this month, the FTP server belonging to the Forth Estuary Transport Authority (FETA) was hacked, permitting criminals to server malware from the website of the famous UK landmark, the Forth Road Bridge near Edinburgh.


Post a comment

Your email address will not be published. Required fields are marked *

Visited 1353 times, 1 so far today