Finjan finds application selling FTP credentials

By

Researchers at the web security firm Finjan on Wednesday announced they have discovered a small database containing about 8,700 file-transfer protocol (FTP) server credentials that were being used to plant malicious code on legitimate websites.


The database – located on a server based in Hong Kong, operated by Russians and administered from Amsterdam, Netherlands – contained usernames, passwords and server addresses that could grant access to at least 2,000 sites in the United States, including at least a dozen Fortune 500 companies and several government agencies, said Iftach Amit, director of security research at Finjan.

The credentials were being used by the hackers to access and infect legitimate websites with malicious code, but they also were being sold to other criminals through the underground market, Amit told SCMagazineUS.com.

Each credential was listed with a price tag, determined by the Google page-ranking of the website the information could be used to compromise, Amit said.

The credentials enable cybercriminals to gain access to websites to inject IFRAME tags into webpages, which can redirect the client's browser to a malicious server.

The Finjan researchers stumbled across the application after tracking a number of trusted websites that contained code pointing to the overseas server, which also was hosting a crimeware toolkit being used to distribute malware.

Amit said organisations are welcome to contact Finjan to determine if their FTP credentials were listed on the database. In the meantime, the company has contacted numerous law enforcement agencies, including the FBI.

An agency spokesman could not confirm whether the FBI was investigating.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
finjanftpsecurity

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?