News
Finjan uncovers more than 8,700 server access details in the hands
of hackers
29 February 2008
Security company Finjan Inc has revealed details of how hackers using
the NeoSploit Crimeware toolkit are commercializing stolen access
details for the servers of legitimate companies.
The company has uncovered a database containing more than 8,700
harvested FTP account credentials, including username, password and
server address, in the hands of hackers.
These stolen credentials enable criminals to compromise servers and
automatically inject crimeware to infect users visiting them. Among the
stolen accounts are those of Fortune-level global companies in a wide
range of industries including manufacturing, telecom, media, online
retail, IT, as well as government agencies. The stolen FTP accounts
include some of the world’s top 100 domains as ranked by Alexa.com.
Finjan’s Malicious Code Research Center (MCRC) has detailed the
workings of an insidious new application, specially designed to abuse
and trade stolen FTP account credentials of legitimate companies around
the world.
A trading interface is used to qualify the stolen accounts by the
country in which the FTP server is located and the Google page ranking
of the compromised server. This information enables the cybercriminals
to set prices for the compromised FTP credentials for resale to other
cybercriminals, or to adjust the attack on more prominent sites. The
trading application also allows the cybercriminal to manage FTP
credential information in order to automatically place code on web
pages on the compromised server.
“Software-as-a-service has been evolving for some time, but until now,
it has been applied only to legitimate applications. With this new
trading application, cybercriminals can gain access to FTP credentials
and thus infect both the legitimate websites and their unsuspecting
visitors. All of this can be easily achieved with just one push of a
button,” said Yuval Ben-Itzhak, CTO of Finjan.