Posted by: georgecloner
« on: 29. June 2009., 16:01:33 »

A trojan is collecting FTP information from popular websites such as Amazon, the BBC, Symantec, and more.
According to Jacques Erasmus, the CTO of security tools firm Prevx, he recently came across the "biggest compromise of its type," referring to a "cybercrime" server where a trojan is uploading FTP login information captured from infected machines. What makes this particular trojan so spectacular is the source credentials it is stealing: Amazon, Monster, McAfee, Symantec, and thousands more high profile sites, comprising a list of more than 68,000.
Earlier today, Erasmus told The Register that this type of breach would be bad news for the compromised sites, as hackers could upload drive-by download scripts and other harmful applications. The company's initial investigation showed that the FTP information was collected over the past few weeks, and that some of the information remains valid. Prevx has contacted many organizations already, including Bank of America and more.
Erasmus explained that a variant of the zbot trojan is swiping and uploading the FTP login data to a server hosted in China. The information is stored in plain text and left open for anyone to acquire and use. Although Prevx has filed an abuse complaint against the service hosting the illicit server, Erasmus did not say whether the company has investigated the parties responsible for the theft. He also said that Prevx is currently scanning potentially vulnerable websites for any signs of abnormal activity, but has not found anything dangerous as of this writing.
So where is the trojan getting its source FTP information? "The data is harvested from users' machines, when they get infected," Erasmus told The Register. "A typical scenario might be that a web designer for one of the organizations gets infected, his stored ftp login details get compromised, and so the attacker in this case is able to log in to the ftp site and compromise the website pages."
For now, this is the only information Erasmus and Prevx were willing to offer. Hopefully the company will get things under control before hackers begin to infiltrate major websites. While many organizations have already changed FTP login information, the fact that some information "remains valid", without any indication of exactly which websites remain vulnerable, is enough to make any Web surfer feel somewhat paranoid.
{TOMSGUIDE}