Prevx Discovers ZBot Trojan Stealing FTP Details of Several Companies
Security experts at the antivirus firm Prevx found that around 88,000 FTP (File Transfer Protocol) credentials were stolen by the ZBot Trojan on June 26, 2009, as reported by eWeek on June 29, 2009.
According to some authentic reports, the ZBot Trojan swept up the FTP details of a number of organizations, such as Monster, Symantec, Cisco, McAfee, BBC and Amazon.
Jacques Erasmus, Director of Malware Research, Prevx, said that they had come across the FTP credentials when they had been searching for a malware strain that transmitted data to a web server, as reported by Tech Herald on June 29, 2009.
Erasmus further added that they accessed the URL and traced the path of credentials, leading to the actual location where stolen files were stored.
Explaining the modus operandi of the Trojan, Erasmus said that once the infection entered the computer, the Trojan stealthily captured all FTP credentials.
According to security experts, the stolen FTP details belonged to employees of the companies and a large number of consumers whose GeoCities and other critical login details were compromised. In fact, the Trojan has caused severe security breaches, including pilfering of login and other critical details of a number of users.
The criminals behind the attack intentionally randomized the data to avoid detection and to make it harder for security agencies to determine how many users' data from a particular company had been compromised.
The security firm has further revealed that the FTP sweeping took place recently in the second and third week of June 2009.
The stolen FTP files have great value for attackers, as is evident from recently observed mass injection attacks such as Nine-Ball, Gumblar and Beladen. These attacks affected several thousand users and depended primarily on stolen FTP logins.
Meanwhile, Prevx has said that it notified US-CERT about the ZBot exploitation and that notification of other organizations, especially companies, is underway. The security company has taken into consideration the impact of infection on users before sending formal information about the security breaches. Therefore, financial companies have been given priority by the firm, as their credentials put a big customer base at risk of losing money.
» SPAMfighter News - 13-07-2009