Over 8000 FTP credentials found on crimeware database
Security services provider Finjan has discovered a database on the web containing more than 8,700 sets of stolen web site FTP credentials, including those of "highly respected organizations, such as government, financial services, leading suppliers in the technology industry and even prominent security vendors". The overwhelming majority are based in the USA and the Russian Federation, with Australia and Asia/Pacific trailing in second place.
This database apparently services Neosploit version 2, one of the growing number of automated toolkits that facilitate iframe injection attacks on web servers for trojan distribution. It offers a highly sophisticated user interface including drill-down statistics, and is clearly of Russian origin.
In its February Malicious Page of the Month report, Finjan describes the crimeware tool in detail, including a component called FTP-Toolz* pack 2.7 that, in addition to installing iframes, can import and export lists of account credentials from databases such as the one just discovered.
- Malicious Page of the Month - February 2008, report by Finjan