
How can open FTP servers be protected from Miner-C malware?

Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers.

Attackers have infected thousands of open FTP servers run by Seagate Central with Mal/Miner-C malware that mines Monero crypto coins. How did this malware make its way onto the FTP servers and specifically target Monero cryptocurrency? How can enterprises protect their FTP servers from being infected in a similar way by other malware?

Embedded and internet of things devices containing default accounts and other insecure components are the new scourge of the internet. The developers of these systems don't appear to have learned the lessons of history, and are repeating the same mistakes.

Sophos' paper about the Mal/Miner-C malware describes how it abused insecure Seagate network-attached storage (NAS) devices using open FTP servers that allowed write access to a default account.

The malware propagated by scanning the internet for open FTP servers and then infecting those systems that allowed default account logins. The malware would copy itself onto the device and make itself look like a photo directory in an effort to socially engineer a user of the NAS to open the file, thus infecting the endpoint with the malware. Once infected, the endpoint would start mining Monero cryptocurrency.

Sophos explains that the malware's author may have chosen to mine Monero because it remains reasonable for standard endpoints to mine new Monero coins, which is not the case for bitcoins. The malware author could therefore profit more by choosing Monero.

Enterprises still running vulnerable open FTP servers have serious deficiencies in their information security programs. Open FTP servers with default accounts and write access enabled have been an issue for over 20 years.

Basic vulnerability scanning can be used to identify these exposed systems, and enterprises should carefully evaluate any system that has been flagged for signs of a potential compromise.

FTP is a relatively efficient method of transferring files, so enterprises may still use this technology, but they should also carefully evaluate its risks and decide if they would be better served by moving to a more modern system. At a minimum, default accounts should be disabled, and a secure version of FTP should be used to prevent attacks from Miner-C malware and others like it. 
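One way to review a flagged server for the signs of compromise described above, as an added example that is not from the original article or from Sophos' paper. It assumes the FTP server writes a wu-ftpd/vsftpd-style xferlog; the sample log lines, addresses, file names and the extension list are constructed for illustration.

```python
from collections import defaultdict

# Assumed list of Windows-executable extensions to flag; tune it per site.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".lnk")

# Constructed sample lines in xferlog format (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Thu Sep  8 10:15:02 2016 1 203.0.113.7 45056 /Public/Holiday/Holiday.scr b _ i a anon@example.invalid ftp 0 * c
Thu Sep  8 10:15:04 2016 1 203.0.113.7 45056 /Public/Music/Music.scr b _ i a anon@example.invalid ftp 0 * c
Thu Sep  8 11:02:40 2016 3 198.51.100.20 734003 /Public/Holiday/beach.jpg b _ i r alice ftp 0 * c
Thu Sep  8 11:30:12 2016 2 192.0.2.55 20480 /Public/tools/setup.exe b _ o a guest@example.invalid ftp 0 * c
Thu Sep  8 12:00:00 2016 1 203.0.113.7 45056 /Public/Docs/Docs.scr b _ i a anon@example.invalid ftp 0 * i
"""

def parse_xferlog(line):
    """Return the fields needed from one xferlog line, or None if malformed."""
    tok = line.split()
    # 5 date tokens, transfer time, host, size, filename, then 9 fixed fields.
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    return {
        "host": tok[6],
        "path": " ".join(tok[8:-9]),  # parse from the right so odd names survive
        "direction": tok[-7],         # i = upload, o = download, d = delete
        "access": tok[-6],            # a = anonymous, g = guest, r = real user
        "status": tok[-1],            # c = complete, i = incomplete
    }

def suspicious_uploads(log_text):
    """Map remote host -> [(path, status)] for executables uploaded without a real account."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None:
            continue
        no_real_account = rec["access"] in ("a", "g")
        is_executable = rec["path"].lower().endswith(EXEC_EXTS)
        if rec["direction"] == "i" and no_real_account and is_executable:
            hits[rec["host"]].append((rec["path"], rec["status"]))
    return dict(hits)

if __name__ == "__main__":
    for host, files in suspicious_uploads(SAMPLE_LOG).items():
        print(host, len(files), "executable upload(s):", files)
```

Incomplete uploads are reported as well, since a failed write attempt by an anonymous login is still worth reviewing.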


This was last published in February 2017

Join the conversation

2 comments

What method of secure file transfer does your enterprise use?
Thanks for this great post. Open FTPs are easily vulnerable, and it also affects server performance.