New Trojan stealing FTP credentials, attacking FTP websites

By Robert Westervelt, News Editor
29 Jun 2009 | SearchSecurity.com

Security researchers have discovered a new Trojan that has harvested as many as 80,000 unique FTP server logins and is now beginning to target domains, injecting malicious scripts into compromised FTP sites.

So far up to 74,000 unique FTP sites are affected, according to security vendor Prevx, which discovered a server containing the FTP credentials. The list of compromised FTP websites contains some high-profile names, including software resellers of security vendors Symantec and McAfee, Bank of America, Amazon.com and others.

"The list is now so large we have no way to effectively inform companies in a meaningful timeframe," said Jacques Erasmus, director of research at Prevx. "I suspect we'll see an increase in drive by malware in the next day or two."
In five minutes one infected client managed to inject malicious JavaScript into 85 FTP websites. Once the malicious script is injected into a page, it automatically scans the software running on visitors' machines looking for a way in. If a flaw is found, the script deploys a specially crafted package of malware onto the machine that steals passwords and other sensitive information. The Trojan, a variant of the Zeus family, also scours the machine's stored form cache looking for stored FTP login credentials.
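A server-side check for the pattern described above, as an added example that is not part of the original article: it reads an FTP transfer log in the standard xferlog format and flags accounts whose web pages were rewritten in a short burst from an address not on that account's known list. The sample log lines, the known-host list, the five-minute window and the three-file threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WEB_EXT = (".html", ".htm", ".php", ".asp", ".js")
# xferlog fields: date(5 tokens) secs host bytes path type flag dir mode user svc auth id status
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \d+ (\S+) \d+ (.+) "
                  r"[ab] \S+ ([oid]) [agr] (\S+) \S+ \d \S+ ([ci])$")

# Constructed sample log; addresses come from documentation ranges, not real hosts.
SAMPLE_LOG = """\
Thu Jun 25 09:12:40 2009 2 198.51.100.7 48211 /home/alice/site/report.pdf b _ i r alice ftp 0 * c
Thu Jun 25 09:13:02 2009 1 198.51.100.7 5120 /home/alice/site/about.html b _ i r alice ftp 0 * c
Fri Jun 26 03:41:10 2009 1 203.0.113.50 6301 /home/alice/site/index.html b _ i r alice ftp 0 * c
Fri Jun 26 03:41:12 2009 1 203.0.113.50 2290 /home/alice/site/js/menu.js b _ i r alice ftp 0 * c
Fri Jun 26 03:41:15 2009 1 203.0.113.50 7044 /home/alice/site/contact.php b _ i r alice ftp 0 * c
Fri Jun 26 08:00:00 2009 1 192.0.2.9 900 /home/bob/www/index.html b _ i r bob ftp 0 * c
""".splitlines()
# Constructed allow-list: addresses each account normally uploads from.
KNOWN_HOSTS = {"alice": {"198.51.100.7"}, "bob": {"192.0.2.9"}}

def parse(line):
    """Return (time, host, path, direction, user, status) or None if the line is malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, host, path, direction, user, status = m.groups()
    return datetime.strptime(ts, "%a %b %d %H:%M:%S %Y"), host, path, direction, user, status

def suspicious_bursts(lines, known_hosts, window=timedelta(minutes=5), threshold=3):
    """Flag (user, host) pairs that completed >= threshold web-file uploads within window."""
    uploads = defaultdict(list)
    for ts, host, path, direction, user, status in filter(None, map(parse, lines)):
        # Only completed incoming transfers of web content from an unlisted address count.
        if (direction == "i" and status == "c" and path.lower().endswith(WEB_EXT)
                and host not in known_hosts.get(user, set())):
            uploads[(user, host)].append((ts, path))
    alerts = []
    for (user, host), events in sorted(uploads.items()):
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over upload times
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((user, host, [p for _, p in events[start:end + 1]]))
                break
    return alerts

if __name__ == "__main__":
    for user, host, files in suspicious_bursts(SAMPLE_LOG, KNOWN_HOSTS):
        print(f"ALERT {user} from {host}: {len(files)} web files rewritten: {files}")
```
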

Prevx set up a website to enable users to check if their FTP credentials have been compromised.

Earlier this month, security vendor Websense Inc. warned that stolen FTP credentials were to blame in a massive attack targeting 40,000 websites. In May, a malware exploit, called Gumblar, spread quickly onto websites through stolen FTP credentials in addition to vulnerable Web applications and poor configuration settings.

Erasmus and other experts are urging FTP website owners to move to secure FTP to cut down on stolen credentials and limit the possibility of infection.

Software is available that lets businesses securely transfer billing data, funds transfers and large data recovery files. To avoid sniffing and other security issues, FTP clients support SFTP, which provides secure file transfer, or FTPS, which enables data encryption. FTP users can protect themselves by ensuring that login information is not stored in the browser cache.

Symantec issued a statement saying it immediately conducted comprehensive testing and verified that its FTP servers were not affected by the malware. The security vendor said it has processes and procedures in place to verify the security of its infrastructure on a regular basis.
