
Prevx Discovers ZBot Trojan Stealing FTP Details of Several Companies

Security experts at the antivirus firm Prevx found that around 88,000 FTP (File Transfer Protocol) credentials were stolen by the ZBot Trojan on June 26, 2009, as reported by eWeek on June 29, 2009.

According to some authentic reports, the ZBot Trojan swept up FTP details of a number of organizations, such as Monster, Symantec, Cisco, McAfee, BBC, Amazon, etc.

Jacques Erasmus, Director of Malware Research at Prevx, said that they had come across the FTP credentials while searching for a malware strain that transmitted data to a web server, as reported by Tech Herald on June 29, 2009.

Erasmus further added that they accessed the URL and traced the path of credentials, leading to the actual location where stolen files were stored.

Explaining the modus operandi of the Trojan, Erasmus said that once the infection entered the computer, the Trojan stealthily captured all FTP credentials.

According to security experts, the stolen FTP details belonged to employees of the companies and a large number of consumers whose GeoCities and other critical login details were compromised. In fact, the Trojan has caused severe security breaches, including pilfering of login and other critical details of a number of users.

The criminals behind the attack intentionally randomized the data to avoid detection and to make it harder for security agencies to classify how many users' data from a particular company had been compromised.

The security firm has further revealed that the FTP sweeping took place recently, in the second and third weeks of June 2009.

The stolen FTP files have great value for attackers, as is evident from the recently observed mass injection attacks like Nine-Ball, Gumblar and Beladen. These attacks affected several thousand users and primarily depended on stolen FTP logins.

Meanwhile, Prevx has said that it notified US-CERT about the ZBot exploitation and that notification of other organizations, especially companies, is underway. The security company has taken into consideration the impact of the infection on users before sending formal information about the security breaches. Therefore, financial companies have been given priority by the firm, as their credentials put a big customer base at risk of losing money.

» SPAMfighter News - 13-07-2009
