In association with heise online

29 February 2008, 14:37

Over 8000 ftp credentials found on crimeware database

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Finjan has discovered a database on the web containing more than 8,700 stolen web site ftp credentials sets including those of "highly respected organizations, such as government, financial services, leading suppliers in the technology industry and even prominent security vendors". The overwhelming majority are based in the USA and the Russian Federation, with Australia and Asia/Pacific trailing second place.

This database apparently services Neosploit version 2, one of the growing number of automated toolkits that facilitate iframe injection attacks on web servers for trojan distribution. It offers a highly sophisticated user interface including drill-down statistics, and is clearly of Russian origin.

It its February Malicious Page of the Month report, Finjan describes the crimeware tool in detail, including a component called FTP-Toolz* pack 2.7 that, in addition to installing iframes, can import and export lists of account credentials from databases such as the one just discovered.

See also


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit