Finjan finds world’s top ftp servers compromised and for sale by cybercriminals

Finjan CTO Yuval Ben-Itzhak says that its latest Malicious Page of the Month report reveals that hackers using the NeoSploit Crimeware toolkit have stolen legitimate ftp server credentials, including username, password and server address. On the list are global companies across a range of industries, including manufacturing, telecom and IT, as well as government agencies and some of the world’s top 100 domains. It means that criminals can compromise servers and automatically inject crimeware to infect visiting users. Apparently, a trading interface is used to qualify the stolen accounts, in terms of ftp server country and Google page ranking, and the information used by cybercriminals to price up compromised ftp credentials for resale to others. “Software-as-a-service has been evolving for some time but, until now, it has been applied only to legitimate applications,” observes Itzhak. “With this new trading application, cybercriminals have an instant solution to their problem of gaining access to ftp credentials.” The attack is described in detail in Finjan’s latest “Malicious Page of the Month” report released today. To download the report, visit http://www.finjan.com/mpom