8,700 FTPs on Sale in Online Black Market, Says Finjan

Finjan, a San Jose-based online security providing company, discovered that Websites of world's top corporate companies are at target of malicious codes. Majority of these codes are coming from online black market.

The company claimed on February 27, 2008 that it discovered an illegitimate database with over 8,700 pilfered FTP (First Transfer Protocol) server credentials like passwords, usernames and addresses. According to Finjan, the stolen credentials are available for selling to hackers who can exploit them to carry out malicious attacks against the vulnerable systems.

Yuval Ben-Itzhak, Chief Technology Officer, Finjan, said that the pilfered credentials belong to top corporate companies from around the world. 2,500 companies from North America alone have their credentials on sale from which some are those whose domains come in top 100s, as reported by ComputerWorld on February 27, 2008.

Ben-Itzhak also said that the stolen FTP credentials will facilitate hackers to launch attack and upload malware of their choice just by one or two clicks. The hackers have the option to buy credentials of any server and carry out attack without putting in much effort.

Researchers at Malicious Code Research Center of Finjan have discovered the findings. Their research and deep analysis have found that standalone applications are at the backend of the compromised server that facilitates in trading of stolen data.

Describing the methodology of attack, researchers said that the hackers use stolen data to penetrate into the Web servers from where they try to inject malware into the legitimate Web servers of various organizations, including government agencies, public companies and financial institutions. The prime objective behind injecting malware into the Websites of these organizations is to access vital information like bank accounts, passwords, and social security numbers of employees and customers.

Finjan researchers also highlighted that NeoSploit toolkit is capable to imitate SaaS model, which in turn optimizes the possibilities of malware attack for attackers.

Ben Itzhak also said that software is gradually evolving as service. Earlier, it was used only for legitimate applications but the newly discovered database and use of relatively new trading applications exhibited that now it is extensively being used in cyber underworld, as reported by ComputerWorld.

Researchers also told that the server is located in Hong Kong but its content is in Russian.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 3/4/2008