Finjan Inc., a leader in secure web gateway products, today announced it has uncovered a database containing more than 8,700 harvested FTP account credentials, including username, password and server address - in the hands of hackers. These stolen credentials enable criminals to compromise servers and automatically inject crimeware to infect users visiting them. Among those stolen accounts are those of Fortune-level global companies in a wide range of industries including manufacturing, telecom, media, online retail, IT, as well as government agencies. The stolen FTP accounts include some of the world’s top 100 domains as ranked by Alexa.com.
Finjan’s Malicious Code Research Center (MCRC) has detailed the workings of an insidious new application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server. This information enables the cybercriminals to devise cost for the compromised FTP credentials for resale to other cybercriminals or to adjust the attack on more prominent sites. The trading application also allows the cybercriminal to manage FTP credential information to automatically inject IFRAME tags to web pages on the compromised server.
“Software-as-a-Service has been evolving for sometime, but until now, it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant ‘solution’ to their ‘problem’ of gaining access to FTP credentials and thus infecting both the legitimate websites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button,” said Yuval Ben-Itzhak, CTO of Finjan.
Finjan invites IT security personnel from legitimate organizations to inquire if their FTP servers’ credentials are among those identified as stolen. Finjan can be contacted at http://www.finjan.com/contactFTP
According to Finjan, the NeoSploit 2 toolkit marks a serious escalation of Crimeware potential, since it uses the Software-as-a-Service business model.
To download the report, please visit http://www.finjan.com/mpom
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC’s goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world’s leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan’s proactive web security solutions. For more information, visit our MCRC subsite.
Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan’s real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.
