In its latest Malicious Page of the Month report, Finjan reveals the commercialisation of stolen FTP server credentials, owned by legitimate companies, by hackers who use the NeoSploit Crimeware toolkit.
According to Finjan, the stolen credentials, including username, password and server address, are used to enable criminals to compromise servers and automatically inject crime-ware to infect users visiting them.
Among those stolen accounts are those of Fortune-level global companies in a wide range of industries, as well as government agencies, and include some of the world's top 100 domains as ranked by Alexa.com, it says.
"Software-as-a-service has been evolving for some time, but until now, it has been applied only to legitimate applications. With this new trading application, cyber-criminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting both the legitimate Web sites and unsuspecting visitors. All of this can be easily achieved with just one push of a button," said Yuval Ben-Itzhak, CTO of Finjan.
Finjan invites IT security personnel from legitimate organisations to inquire if their FTP servers' credentials are among those identified as stolen.
According to Finjan, the NeoSploit 2 toolkit marks a serious escalation of crime-ware potential, since it uses the software-as-a-service business model.
Share