Hackers have control of more than 8,700 FTP server credentials, with a number of top global domains helping to make up the list, says web security firm Finjan.
In its latest Malicious Page of the Month report, Finjan reveals the commercialisation of stolen FTP server credentials owned by legitimate companies by hackers who are using the NeoSploit Crimeware toolkit.
Finjan has uncovered a database in the hands of hackers containing more than 8,700 harvested FTP account credentials, including usernames, passwords and server addresses.
These stolen credentials enable criminals to compromise servers and automatically inject crimeware to infect users visiting them.
Among the stolen accounts are those belonging to top global companies in a wide range of industries, including manufacturing, telecoms, media, online retail and IT, as well as government agencies, Finjan said.
The stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com. Finjan has not named the companies affected by the scam.
A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server.
This information enables the cybercriminals to devise a cost for the compromised FTP credentials for resale to other cybercriminals.
Yuval Ben-Itzhak, CTO at Finjan, said, "Software as a service has been evolving for some time, but until now it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant solution to their problem of gaining access to FTP credentials, and thus infecting both legitimate websites and unsuspecting visitors."
Finjan is inviting IT security personnel from legitimate organisations to inquire if their FTP servers' credentials are among those identified as stolen.