
Author Topic: Trojan Stealing Amazon, Symantec FTP Info (Zbot trojan)  (Read 2337 times)


A trojan is collecting FTP information from popular websites such as Amazon, the BBC, Symantec, and more.

Jacques Erasmus, the CTO of security tools firm Prevx, says he recently came across the "biggest compromise of its type," referring to a "cybercrime" server where a trojan is uploading FTP login information captured from infected machines. What makes this particular trojan so spectacular is the source credentials it is stealing: Amazon, Monster, McAfee, Symantec, and thousands more high-profile sites, comprising a list of more than 68,000.

Earlier today, Erasmus told The Register that this type of breach would be bad news for the compromised sites, as hackers could upload drive-by download scripts and other harmful applications. The company's initial investigation showed that the FTP information was collected over the past few weeks, and that some of the information remains valid. Prevx has already contacted many organizations, including Bank of America and more.

Erasmus explained that a variant of the zbot trojan is swiping and uploading the FTP login data to a server hosted in China. The information is stored in plain text and left open for anyone to acquire and use. Although Prevx has filed an abuse complaint against the service hosting the illicit server, Erasmus did not say whether the company has investigated the parties responsible for the theft. He also said that Prevx is currently scanning potentially vulnerable websites for any signs of abnormal activity, but has not found anything dangerous as of this writing.

So where is the trojan getting its source FTP information? "The data is harvested from users' machines, when they get infected," Erasmus told The Register. "A typical scenario might be that a web designer for one of the organizations gets infected, his stored ftp login details get compromised, and so the attacker in this case is able to log in to the ftp site and compromise the website pages."

For now, this is the only information Erasmus and Prevx were willing to offer. Hopefully the company will get things under control before hackers begin to infiltrate major websites. While many organizations have already changed FTP login information, the fact that some information "remains valid"--without offering exactly what websites remain vulnerable--is enough to make any Web surfer feel somewhat paranoid.
