Hackers have control of more than 8,700
FTPserver credentials, with a number of top
global domains helping to make up the list, says web security firm
Finjan.
In its latest Malicious Page of the Month report, Finjan reveals
the commercialisation of
stolen FTP server credentials owned by legitimate companies by
hackers who are using the NeoSploit Crimeware toolkit.
Finjan has uncovered a database in the hands of hackers
containing more than 8,700 harvested FTP account credentials,
including usernames, passwords and server addresses.
These stolen credentials enable criminals to compromise servers
and automatically inject crimeware to infect users visiting
them.
Among the stolen accounts are those belonging to top global
companies in a wide range of industries, including manufacturing,
telecoms, media, online retail and IT, as well as government
agencies, Finjan said.
The stolen FTP accounts include some of the world's top 100
domains as ranked by Alexa.com. Finjan has not named the companies
affected by the scam.
A trading interface is used to qualify the stolen accounts in
terms of country of residence of the FTP server and Google page
ranking of the compromised server.
This information enables the cybercriminals to devise a cost for
the compromised FTP credentials for resale to other
cybercriminals.
Yuval Ben-Itzhak, CTO at Finjan, said, "Software as a service
has been evolving for some time, but until now it has been applied
only to legitimate applications. With this new trading application,
cybercriminals have an instant solution to their problem of gaining
access to FTP credentials, and thus infecting both legitimate
websites and unsuspecting visitors."
Finjan is inviting IT security personnel from legitimate
organisations to inquire if their FTP servers' credentials are
among those identified as stolen.