Finjan released an interesting report today about a database it uncovered with more than 8,700 harvested FTP account credentials — including username, password and server address — that are apparently in the hands of the digital underground.
The vendor says these stolen credentials allow the bad guys to inject crimeware into servers and in turn infect end users. Stolen accounts include those of Fortune-level global companies in a wide range of industries such as manufacturing, telecom, media, online retail, IT and government agencies. The stolen FTP accounts include some of the world’s top 100 domains as ranked by Alexa.com.
“Software-as-a-Service has been evolving for sometime, but until now, it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant ‘solution’ to their ‘problem’ of gaining access to FTP credentials and thus infecting both the legitimate websites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button,” Finjan CTO Yuval Ben-Itzhak said in a press release.