We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hackers trading 8,700-strong FTP database

Details used to compromise company servers

Security firm Finjan has warned that hackers have built up a database holding over 8,700 harvested FTP account credentials, including username, password and server addresses.

These stolen details enable criminals to compromise servers and automatically inject crimeware to infect users visiting them, said Finjan. They are using the NeoSploit 2 Crimeware toolkit for this purpose, according to Finjan's Malicious Page of the Month report.

Some of these stolen accounts belong to the Fortune-level global companies in a wide range of industries including manufacturing, telecoms, media, online retail, IT, as well as government agencies. The stolen accounts include some of the world's top 100 domains as ranked by Alexa.com.

Hackers are not only in possession of such significant information, they are also engaged in its trading, claimed Finjan's Malicious Code Research Center (MCRC), a department dedicated to the research and detection of security vulnerabilities in internet applications.

MCRC has detailed the workings of an insidious new application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server, MCRC pointed out.

According to MCRC, this information enables the cybercriminals to devise cost for the compromised FTP credentials for resale to other cybercriminals or to adjust the attack on more prominent sites.

"With this new trading application, cybercriminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting both the legitimate websites and its unsuspecting visitors," said Yuval Ben-Itzhak, CTO of Finjan.

The company has invited IT security personnel from legitimate organisations to inquire if their FTP servers' credentials are among those identified as stolen. Finjan can be contacted here.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...