iTnews

FTP login credentials at major corporations breached

By Greg Masters on Jun 29, 2009 12:23PM

A trojan has reportedly been uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee.

According to a report in The Register, Jacques Erasmus, CTO at UK-based Prevx, discovered a site where a trojan is uploading FTP login credentials from more than 68,000 websites.

Once an individual's PC is infected with the trojan, that user's stored FTP login credentials are harvested. An attacker can then log in to the FTP site. The logins are believed to have been stolen during the last two weeks and some are thought to still be valid.

Erasmus said the compromised sites would then be vulnerable to hackers uploading drive-by download scripts and other malware. A variant of the ZBot trojan, hosted on a server in China, is said to be receiving the uploaded FTP credentials in plain text, making it simple for cybercriminals to gather up the data.

First detected in September 2007, ZBot is already notorious for capturing keystrokes to obtain login credentials, along with credit card or other sensitive information.

"It's a never-ending battle," Ivan Macalintal, threat researcher manager at Trend Micro, told SCMagazineUS.com.

ZBot, aka Zeus, is an infamous information-stealer that usually comes via a drive-by download on a compromised website, he said.

"We're also seeing it being deployed by email with a malicious link or attachment," Macalintal added.

Recent variants came disguised as an email that claimed to be a critical update for Microsoft Outlook. Some variants of the trojan are also capable of getting snapshots of an infected user's system, Macalintal said.

The rise in this type of trojan may be due to the fact that kits are being sold in the cyber underground that allow attackers to create their own trojans and customize them to configure what stored information they need, and how it will be sent back to the creator, Macalintal said.

As for what can be done to defend against such attacks, Macalintal listed the traditional antidotes: don't click on suspicious, unsolicited links; browse safely and securely using good web filtering; update patches; and use safe computing practices. In the case of last week's scam involving Microsoft updates, he said that end-users should remember that vendors do not send updates via email.


See original article on scmagazineus.com

Copyright © SC Magazine, US edition