HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 10 MINUTES AGO.
You are here: Home / Applications / Hackers Use SaaS To Sell Passwords
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Hackers Use SaaS To Auction FTP Passwords, Inject Code
Hackers Use SaaS To Auction FTP Passwords, Inject Code
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
28
2008


More than 8,700 FTP log-in names and passwords are being peddled at an online auction site for stolen data, according to security firm Finjan. The site includes software that lets criminals hack Web servers and automatically inject crimeware that infects visitors to the Web site.

Some of the information opens a back door into Fortune 500 companies in manufacturing, telecom, media, online retail and IT, as well as government agencies. The stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com.

Putting a Price on Stolen Data

Finjan's Malicious Code Research Center detailed the workings of the software, dubbed the NeoSploit 2 toolkit, that is designed to exploit and trade FTP account credentials stolen from legitimate companies.

Here's how it works: The software uses an eBay-like trading interface to qualify the stolen accounts in terms of the country where the server is located and the Google page ranking of the compromised server. Cybercriminals use the information to set a price for the compromised FTP credentials so they can be resold to other cybercriminals or adjust an attack on more prominent sites. The software also allows cybercriminals to use the FTP credentials to automatically inject HTML IFrame tags into Web pages on the compromised server.

"Software as a service (SaaS) has been evolving for sometime, but until now it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting both the legitimate Web sites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button," said Yuval Ben-Itzhak, CTO of Finjan.

According to Finjan, the NeoSploit 2 toolkit marks a serious escalation of crimeware potential, since it uses the SaaS business model.

The fact that cybercriminals are becoming more organized and sophisticated shouldn't be news to any IT department fighting the ever-growing threat. However, many businesses will be wondering if they might be the next victim, according to Graham Cluley, a senior technology consultant at Sophos.

Criminals Target the Unsuspecting

Sophos experts are discovering 6,000 newly infected Web pages every day -- that's one every 14 seconds. Eighty-three percent of those Web pages belong to companies and individuals who are not aware that their sites have been hacked.

"Criminal gangs are not only infecting Web pages, they are also trading user names and passwords to waltz straight onto corporate Web sites and plant dangerous code," Cluley said. "That means that even if your Web site does not have a vulnerability on it which can be exploited, the hackers can walk in through a side entrance." (continued...)

1  2  Next Page >

Read more on: FTP, SaaS, Cybercriminals, eBay
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
High Quality CRM Data: Prevent, detect and fix errors at the point of data entry for Dynamics CRM. Trillium Software helps you achieve an accurate, synchronized, single view of customers. It's time to trust your data. Take a product tour and read CRM Analyst opinions here.
MORE IN APPLICATIONS
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

ENTERPRISE HARDWARE SPOTLIGHT
Chinese computer maker Lenovo got creative with the marketing campaign around its Yoga 3 Pro. Lenovo hired the Upright Citizens Brigade, a comic troupe, to help drum up visibility for its new device.

MOBILE TECHNOLOGY SPOTLIGHT
In its bid for the wearables market, Sony is reportedly developing a watch made out of electronic paper for release as soon as next year. The e-paper watch will emphasize style over tech innovations.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.